[Building Sakai] samigo privilege escalation?

Rehberg, Stephen D stephen at cetl.gatech.edu
Tue Jul 19 05:04:46 PDT 2011 

The report we had at Georgia Tech was in Samigo 2.5 and that one student was looking at the Question Pool. We suspect that she was really looking at the Table of Contents view which looks very much like the Question Pool view, and since the instructor had released the quiz one question at a time, she was alarmed to see all the questions in one screen.

We checked all logs possible and could not find any evidence that the student had admin access to the quiz, but as part of due diligence we will personally monitor the next Samigo test for that class just to verify that nothing out of the ordinary did happen.

Stephen Rehberg 
CETL/Ed Tech 
404-894-7569 
404-894-4475 

----- Original Message -----
From: "Charles Hedrick" <hedrick at rutgers.edu>
To: "D. Stuart Freeman" <stuart.freeman at et.gatech.edu>
Cc: sakai-dev at collab.sakaiproject.org
Sent: Monday, July 18, 2011 5:46:29 PM
Subject: Re: [Building Sakai] samigo privilege escalation?

We had a report of a student being able to edit a quiz. We couldn't find anything, but the access log verifies that he was actually doing that. This is 2.8.0

On Jul 1, 2011, at 2:29 PM, D. Stuart Freeman wrote:

> We've received a report of an instructor witnessing a student viewing her
> samigo question pool. The student was having trouble starting an
> assessment, called the instructor over, and the instructor reports seeing
> the question pools on the student's screen.
> 
> Our event table dosn't show anything out of the ordinary for the two
> accounts involved, and switching user to the student account doesn't allow
> us to look at the pools.
> 
> Has anyone else seen anything like this, or have any ideas what might
> cause it? (In case you're wondering we're on 2.5.x, but jira hasn't
> turned up anything that looks relevant).
> 
> -- 
> D. Stuart Freeman
> Georgia Institute of Technology
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> 
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev

TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

More information about the sakai-dev mailing list