[rt-users] Oddity after security patches

Kevin Falcone falcone at bestpractical.com
Thu Apr 21 11:55:27 EDT 2011


On Thu, Apr 21, 2011 at 11:49:24AM -0400, Jeff Blaine wrote:
> Our RT-Extension-SpawnLinkedTicketInQueue 0.04 broke
> after the security patching our 3.8.7 instance with the
> 3.8.6 patch as directed by the README.
> 
> We were getting 403 (Permission denied) when clicking
> "Create new child ticket in OtherQueue"

RT blocks direct access to /Elements/ as part of this update

> It *appears* the fix is setting the extensions
> various files to 755 instead of the discovered 444.
> Perhaps this is how they should have been all along,
> but RT was lenient before the security patches, where
> it's not now?

This was not the fix

> We also (today, as part of the fix attempt) upgraded
> to RT-Extension-SpawnLinkedTicketInQueue 0.05, though
> I really don't think that helped solve this particular
> issue.  It really seemed to be the perms.

This was the fix, Ruslan fixed the extension and uploaded a fixed
version.

http://lists.bestpractical.com/pipermail/rt-users/2011-April/070033.html

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110421/7aa1215c/attachment.sig>


More information about the rt-users mailing list