php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16920 File permissions security problem
Submitted: 2002-04-29 18:47 UTC Modified: 2002-10-08 21:38 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jr-php at quo dot to Assigned:
Status: Not a bug Package: *Configuration Issues
PHP Version: 4.2.0 OS: Red Hat Linux 7.2
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jr-php at quo dot to
New email:
PHP Version: OS:

 

 [2002-04-29 18:47 UTC] jr-php at quo dot to 
When I run "make install" as root, most of the files installed under /usr/local/include/php have a user id of 500, a group id of 500, and a mode of 664. This is very insecure for (hopefully) obvious reasons: it gives whichever user who has a numeric id of 500 write access to the files, and also any users in group 500.

Ideally, it should install the files with user id 0, group id 0, and a mode of 644.


Here is my configure line, in case it matters:

./configure --with-apache=../apache_1.3.24 --enable-track-vars \
  --with-mysql --with-zlib --with-gd

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-29 19:38 UTC] sniper@php.net 
The bug system is not the appropriate forum for asking support
questions. For a list of a range of more appropriate places to ask
for help using PHP, please visit http://www.php.net/support.php
 [2002-04-29 19:40 UTC] sniper@php.net 
Oops. This is Makefile issue, of course. 
'make install' should set these.
 [2002-09-17 21:02 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-10-08 21:38 UTC] sniper@php.net 
Check your umask, that's propably the reason for this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 15:01:29 2024 UTC