From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-user+bounces-57866-garchives=archives.gentoo.org@gentoo.org>)
	id 1H2vwm-0000PC-4h
	for garchives@archives.gentoo.org; Fri, 05 Jan 2007 20:45:52 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.8/8.13.8) with SMTP id l05Kg2RB025717;
	Fri, 5 Jan 2007 20:42:02 GMT
Received: from s15216962.onlinehome-server.info (s15216962.onlinehome-server.info [217.160.22.205])
	by robin.gentoo.org (8.13.8/8.13.8) with ESMTP id l05KbjoX030359
	for <gentoo-user@lists.gentoo.org>; Fri, 5 Jan 2007 20:37:50 GMT
Received: (from uucp@localhost)
	by s15216962.onlinehome-server.info (8.13.3/8.13.3/SuSE Linux 0.7) with UUCP id l05KbZDC022894
	for gentoo-user@lists.gentoo.org; Fri, 5 Jan 2007 21:37:35 +0100
Received: (from weigelt@localhost)
	by nibiru.metux.de (8.12.10/8.12.10) id l05KZMAP024128
	for gentoo-user@lists.gentoo.org; Fri, 5 Jan 2007 21:35:22 +0100
Date: Fri, 5 Jan 2007 21:35:21 +0100
From: Enrico Weigelt <weigelt@metux.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Problem upgrading mediawiki
Message-ID: <20070105203521.GD22582@nibiru.local>
References: <20061231172041.GA24330@nibiru.local> <4598CCC5.2090908@armispiansystems.ca> <20070101174852.GA22582@nibiru.local> <459A7AB8.8060008@badapple.net>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <459A7AB8.8060008@badapple.net>
User-Agent: Mutt/1.4.1i
X-Terror: bin laden, kill bush, Briefbombe, Massenvernichtung, KZ, 
X-Nazi: Weisse Rasse, Hitlers Wiederauferstehung, 42, 
X-Antichrist: weg mit schaeuble, ausrotten, heiliger krieg, al quaida, 
X-Killer: 23, endloesung, Weltuntergang, 
X-Doof: wer das liest ist doof
X-Archives-Salt: 1aa82899-da23-41e5-a964-3dfea20ea407
X-Archives-Hash: cc22d71bb2cd520a63845d14e41e97d9

* kashani <kashani-list@badapple.net> wrote:

> Some people prefer to give their webapps limited insert, update, and 
> delete access and it's likely that Mediawiki's updates require alter, 
> create, drop, and file access which might be why they say to use an 
> account with root privileges.

For larger (not web-only) applications I can understand giving 
several subsystems specific access via separate views. But for
an monolithic web(-only)-app like mediawiki, its really useless.
The worst damage an attacker can do is deleting or changing data,
database ownership is not needed for that.

Does anyone known some way (w/o crawling too deep in the code)
for givinb mediawiki the ownership of the database and never ever
require superuser privileges anymore ? 


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------
-- 
gentoo-user@gentoo.org mailing list