[wp-hackers] Lost categories upgrading to 2.5.1

Elliotte Harold elharo at metalab.unc.edu
Wed Apr 30 15:07:10 GMT 2008


Kimmo Suominen wrote:
> On Tue, Apr 29, 2008 at 10:35:35PM -0700, Elliotte Harold wrote:
>> WordPress should not assume it is running with sufficient 
>> privileges to do this. :-(
> 
> On the other hand, if WordPress was able to complete its installation,
> it must have had the CREATE capability.  Why should it then prepare for
> the case that somebody has taken capabilities away...  It is just extra
> bloat in the code.

In fact, I'm a counterexample that the CREATE privilege was necessary to 
complete installation. In my case, it wasn't, probably because I 
transferred from a different system.

> It won't be feasible to check for every possible misconfiguration out
> there.  I think it is more feasible to accept that misconfiguration will
> result in unwanted behaviour.
> 

I deny that this is a misconfiguration. Running with minimum privileges 
is a sensible security measure.

Regardless, there is no excuse for failing to check an error condition 
and notice that a command has failed. That is simply poor programming.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
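
The failure mode argued about in this message, as an added example that is not part of the original post and is not WordPress code: an upgrade that creates a new table, copies rows into it and drops the old one, run by an account that cannot create tables. The table names and sample categories are constructed, and SQLite's authorizer callback stands in for a database account without the CREATE privilege.

```python
import sqlite3

# Constructed schema: table names are illustrative, not WordPress's real ones.
STEPS = [
    "CREATE TABLE terms (id INTEGER, name TEXT)",
    "INSERT INTO terms SELECT id, name FROM old_categories",
    "DROP TABLE old_categories",
]

def open_db(allow_create):
    """In-memory database holding two constructed categories. The authorizer
    stands in for a database account that may lack the CREATE privilege."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE old_categories (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO old_categories VALUES (?, ?)",
                     [(1, "news"), (2, "security")])
    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_CREATE_TABLE and not allow_create:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)
    return conn

def upgrade_unchecked(conn):
    """Runs every step and ignores failures, so the DROP still executes."""
    for sql in STEPS:
        try:
            conn.execute(sql)
        except sqlite3.Error:
            pass

def upgrade_checked(conn):
    """Stops at the first failed statement and rolls back; old data is kept."""
    conn.execute("BEGIN")
    try:
        for sql in STEPS:
            conn.execute(sql)
        conn.execute("COMMIT")
    except sqlite3.Error as exc:
        conn.execute("ROLLBACK")
        raise RuntimeError(f"upgrade aborted, existing data kept: {exc}") from exc

def surviving_categories(conn):
    """Category names still readable from whichever table exists."""
    tables = {r[0] for r in conn.execute("SELECT name FROM sqlite_master")}
    return [r[0] for t in ("old_categories", "terms") if t in tables
            for r in conn.execute(f"SELECT name FROM {t} ORDER BY id")]
```

With CREATE denied, upgrade_unchecked leaves no categories in either table, while upgrade_checked raises and the original rows remain readable.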

