Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add config.php option to enable mounting local storage #26801

Closed
pmaier1 opened this issue Dec 8, 2016 · 2 comments
Closed

Add config.php option to enable mounting local storage #26801

pmaier1 opened this issue Dec 8, 2016 · 2 comments
Labels
app:files_external enhancement security settings:admin status/STALE
Milestone
10.0

Comments

@pmaier1
Copy link
Contributor

pmaier1 commented Dec 8, 2016

Currently an admin is able to mount the local root file system via files_external and (depending on permissions of the web server user) get access to all files that are not explicitly protected. In the web server document root you even have write access. I'd consider this as a real security flaw that should be turned off by default with the possibility to explicitly activate it if needed.

Proposal:
Add config.php option 'mount_local_storage' => false

@PVince81 @DeepDiver1975 @hodyroff
@pmaier1 pmaier1 added this to the 10.0 milestone Dec 8, 2016
@PVince81
Copy link
Contributor

PVince81 commented Dec 8, 2016

Duplicate of #26653

@PVince81 PVince81 closed this as completed Dec 8, 2016
@lock
Copy link

lock bot commented Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 31, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
app:files_external enhancement security settings:admin status/STALE
Projects
None yet
Milestone
10.0
Development

No branches or pull requests
3 participants
@PVince81 @pmaier1 @ownclouders