[wp-hackers] Lost categories upgrading to 2.5.1
elharo at metalab.unc.edu
Wed Apr 30 15:07:10 GMT 2008
Kimmo Suominen wrote:

> On Tue, Apr 29, 2008 at 10:35:35PM -0700, Elliotte Harold wrote:
>> WordPress should not assume it is running with sufficient
>> privileges to do this. :-(

> On the other hand, if WordPress was able to complete its installation,
> it must have had the CREATE capability. Why should it then prepare for
> the case that somebody has taken capabilities away... It is just extra
> bloat in the code.

In fact, I'm a counterexample that the CREATE privilege was necessary to
complete installation. In my case, it wasn't, probably because I
transferred from a different system.

> It won't be feasible to check for every possible misconfiguration out
> there. I think it is more feasible to accept that misconfiguration will
> result in unwanted behaviour.

I deny that this is a misconfiguration. Running with minimum privileges
is a sensible security measure.

Regardless, there is no excuse for failing to check an error condition
and notice that a command has failed. That is simply poor programming.

Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
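
The failure mode argued about in this message, as an added example that is not part of the original email and is not WordPress code: an upgrade that ignores a failed CREATE loses the data it was migrating, while one that checks every statement stops and leaves the old table intact. Assumptions: SQLite's authorizer callback stands in for a database account without the CREATE privilege, and the table names are hypothetical.

```python
import sqlite3

# Constructed schema: table names are hypothetical, not WordPress's own.
STEPS = [
    "CREATE TABLE new_terms (id INTEGER PRIMARY KEY, name TEXT)",
    "INSERT INTO new_terms (name) SELECT name FROM old_categories",
    "DROP TABLE old_categories",
]

def deny_create(action, arg1, arg2, dbname, source):
    # Simulates a least-privilege account: CREATE TABLE is refused, all else allowed.
    return sqlite3.SQLITE_DENY if action == sqlite3.SQLITE_CREATE_TABLE else sqlite3.SQLITE_OK

def make_db(can_create):
    db = sqlite3.connect(":memory:", isolation_level=None)  # transactions are explicit
    db.execute("CREATE TABLE old_categories (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO old_categories (name) VALUES (?)", [("news",), ("security",)])
    if not can_create:
        db.set_authorizer(deny_create)
    return db

def upgrade_unchecked(db):
    # Anti-pattern: a failed statement is swallowed and the next step still runs.
    for sql in STEPS:
        try:
            db.execute(sql)
        except sqlite3.Error:
            pass

def upgrade_checked(db):
    # Any failed statement aborts the upgrade and rolls back the earlier steps.
    db.execute("BEGIN")
    try:
        for sql in STEPS:
            db.execute(sql)
        db.execute("COMMIT")
        return True, None
    except sqlite3.Error as exc:
        db.execute("ROLLBACK")
        return False, str(exc)

def category_count(db):
    # Rows in whichever category table survives; 0 if neither exists.
    for table in ("new_terms", "old_categories"):
        try:
            return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
        except sqlite3.Error:
            continue
    return 0
```
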