id summary reporter owner description type status priority component severity resolution keywords cc release
291 wrong permissions for anonymous users mark@… puffy "== what is buggy ==

Anonymous cannot be granted rights.

== how to reproduce ==

Just grant '''''anonymous''''' permission {{{WIKI_VIEW}}} and modify these files accordingly:

{{{
# excerpt of conf/trac.ini
[wiki]
ignore_missing_pages = false
authz_svn_module_name = tracwiki
authorization_mode = require_all
authz_file = conf/authz.conf
}}}

{{{
# conf/authz.conf
[groups]

[tracwiki:/]
* = r
}}}

You will see this error on every page in the wiki:

WIKI_VIEW authorization on wiki:WikiStart is necessary to perform this operation.

If you log in, everything seems fine, but...

== security hole! ==

... the user who logged in suddenly has WIKI_ADMIN rights preserved on every page, although only reading was permitted to everyone!!!
" defect closed normal WikiRbacPatch normal invalid 0.9