Uploading seems to be a security risk!
Posted: Tue Nov 11, 2014 8:11 pmMy Subsonic runs on OpenSUSE 13.2 as user subsonic.
However, if I allow uploads, the uploaded files are owned by root:root, and are executable!
This is a severe bug since uploaders can put any executable there and run it as root.
Also, there should be a way to specify the location of the upload directory to take it out of the Music folder.
However, if I allow uploads, the uploaded files are owned by root:root, and are executable!
This is a severe bug since uploaders can put any executable there and run it as root.
Also, there should be a way to specify the location of the upload directory to take it out of the Music folder.