[Building Sakai] samigo privilege escalation?
Charles Hedrick
hedrick at rutgers.edu
Mon Jul 18 14:46:29 PDT 2011
We had a report of a student being able to edit a quiz. We couldn't find anything, but the access log verifies that he was actually doing that. This is 2.8.0
On Jul 1, 2011, at 2:29 PM, D. Stuart Freeman wrote:
> We've received a report of an instructor witnessing a student viewing her
> samigo question pool. The student was having trouble starting an
> assessment, called the instructor over, and the instructor reports seeing
> the question pools on the student's screen.
>
> Our event table dosn't show anything out of the ordinary for the two
> accounts involved, and switching user to the student account doesn't allow
> us to look at the pools.
>
> Has anyone else seen anything like this, or have any ideas what might
> cause it? (In case you're wondering we're on 2.5.x, but jira hasn't
> turned up anything that looks relevant).
>
> --
> D. Stuart Freeman
> Georgia Institute of Technology
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
More information about the sakai-dev
mailing list