|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-04-12 12:19 UTC] Marius at LowVoice dot nl
I've found that on our systems files in PEAR (/usr/local/php/share/pear/*) have unsafe modes (666) basicaly this enables anyone on the system that has the ability to edit files to change the files to their liking. For instance the MAIL module of PEAR could easily be modified to send duplicates of all mail send by PEAR to their address. I've been able to reproduce this with a clean install of php4.3.1 that i've downloaded today. I think it's a pretty straitforward issue that doesn't require more info on the matter, however i'll be happy to be of more assistance if needed. Marius Karthaus Senior Systems Administrator LowVoice.com PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Dec 17 05:00:01 2025 UTC |
this bug is fixed in PEAR 1.1, it was a problem with Config... pear config-show should show you a umask of 22 if not upgrade your PEAR installation.. the bug was that the umask was wrong calculated, and the installed packages got the wrong chmods... for already installed packages the chmod must be changed manualy, goto the PEAR installation directy and do: find -perm 666 -type f -exec chmod og-w {} \; this should remove the write right for all wrong chmoded package files....