id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release 291,wrong permissions for anonymous users,mark@…,puffy,"== what is buggy == Anonymous cannot be granted rights. == how to reproduce == Just grant '''''anonymous''''' permission {{{WIKI_VIEW}}} and modify these files accordingly: {{{ # excerpt of conf/trac.ini [wiki] ignore_missing_pages = false authz_svn_module_name = tracwiki authorization_mode = require_all authz_file = conf/authz.conf }}} {{{ # conf/authz.conf [groups] [tracwiki:/] * = r }}} You will see this error on every page in the wiki: WIKI_VIEW authorization on wiki:WikiStart is necessary to perform this operation. If you log in everything seems fine, but... == security hole! == ... the user which logged in has suddenly WIKI_ADMIN rights preserved on every page, although only reading was permitted to everyone!!! ",defect,closed,normal,WikiRbacPatch,normal,invalid,,,0.9