0006983: Permission problems in Kali bugtracker - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0006983	Kali Linux	Kali Websites & Docs	public	2021-01-10 11:27	2024-05-14 16:27

Reporter	kali-bugreport	Assigned To	g0tmi1k
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	no change required

Summary	0006983: Permission problems in Kali bugtracker
Description	Haven't found any better fitting category so had chosen "Kali Websites & Docs". I have noticed that you seems to have some permission problems in this bug tracker for the standard "Reporter" account. For example reporters can "Clone" an issue like happen in e.g. #6912 (clone of 0006903) or #6960 / 0006962 (clone 0006907) plus many additional ones, i don't think that such "Reporters" should have the possibility to Clone existing issues. In addition e.g. "Reporters" can report an issue in the "Queued Tool Addition" category like seen in 0006981:0014079, this probably should be prevented by setting stricter permissions to that category. On the other hand there are too strict permissions and reporters can't even edit their own comments / issues and also can't close them on their own.

kali-bugreport 2021-01-10 14:04 reporter ~0014093	TLDR; Suggestions for the permissions of the "Reporter" level: Disallow "Clone" functionality Disallow creating issues in the "Queued Tool Addition" category Allow editing the own issues / comments Allow closing the own issues

kali-bugreport 2021-03-13 11:13 reporter ~0014342	Aaaaaand, it happened again: #7096, #7095, #7094 which are all three wrongly done clones of 0007044 You should really really rework your permissions, at least for the "Reporter" level.

kali-bugreport 2021-03-13 11:33 reporter ~0014343	#7097 is also a clone of 0007068 done by the same user...

kali-bugreport 2021-03-20 05:50 reporter ~0014375	And another one: #0007103

kali-bugreport 2021-03-21 12:59 reporter ~0014377	Why are you also allow reporters to change the severity to e.g. intermediate? If anyone can set their own priorities anyone thinks the own bugreport is the most important one.

rhertzog 2021-03-22 11:17 administrator ~0014382 Last edited: 2021-03-22 11:17	I would gladly configure mantis to avoid those problems, in fact I already tried... but there's no option to control who can clone. If you can report a bug, then you can clone. You might want to open a feature request to the upstream project. I'm not sure if there's a setting to limit who can change the priority either.

g0tmi1k 2024-05-14 16:27 administrator ~0019271	Ive tried to reduce what options we have enabled, but yeah, this is something that needs to go upstream https://mantisbt.org/support.php

Date Modified	Username	Field	Change
2021-01-10 11:27	kali-bugreport	New Issue
2021-01-10 14:04	kali-bugreport	Note Added: 0014093
2021-03-13 11:13	kali-bugreport	Note Added: 0014342
2021-03-13 11:33	kali-bugreport	Note Added: 0014343
2021-03-20 05:50	kali-bugreport	Note Added: 0014375
2021-03-21 12:59	kali-bugreport	Note Added: 0014377
2021-03-22 11:17	rhertzog	Note Added: 0014382
2021-03-22 11:17	rhertzog	Note Edited: 0014382
2024-05-14 16:27	g0tmi1k	Note Added: 0019271
2024-05-14 16:27	g0tmi1k	Assigned To	=> g0tmi1k
2024-05-14 16:27	g0tmi1k	Status	new => closed
2024-05-14 16:27	g0tmi1k	Resolution	open => no change required