php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #22454 world-writeable files in php's library [see bug #20195]
Submitted: 2003-02-27 06:46 UTC Modified: 2003-02-27 09:57 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:1 (33.3%)
From: gpt at tirloni dot org Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.3.1 OS: FreeBSD 4.7-p3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: gpt at tirloni dot org
New email:
PHP Version: OS:

 

 [2003-02-27 06:46 UTC] gpt at tirloni dot org 
 I installed php 4.3.0 from the FreeBSD's ports collection and it installed some files in /usr/local/lib/php with world-writeable permissions. After updating to 4.3.1 the problem persisted and a friend of mine (jmelo@freebsdbrasil.com.br) also reported that he installed 4.3.0 by hand on FreeBSD and it also had the world-writeable files in /usr/local/lib/php.

 Version 4.2.3 of PHP on a FreeBSD 4.6.2 didn't show this problem and I didn't try to update it to 4.3.1 yet.

 Sorry but I don't have a Linux system right now to update to 4.3.1 and see if the problem persists. At first I thought it was a FreeBSD port's problem but installing it manually didn't help so the port's system isn't involved in this (I guess).

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-27 07:26 UTC] gpt at tirloni dot org 
# find /usr/local/lib -perm -0002
 [2003-02-27 08:45 UTC] iliaa@php.net 
What was your umask set to when you ran make install?
 [2003-02-27 08:48 UTC] gpt at tirloni dot org 
umask 022
 [2003-02-27 08:59 UTC] gpt at tirloni dot org 
I just installed /usr/ports/www/mod_php4 version 4.3.1 on a FreeBSD 4.7-RELEASE-p3 that didn't have php previously installed and it installed the world-writeable files again.

The umask was 022 and the ports collection was updated before the make install from cvsup9.FreeBSD.ORG. The apache used this time was 2.0.44 (it that matters), others were 1.3.27.
 [2003-02-27 09:10 UTC] sniper@php.net 
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments
to the existing bug instead.

Thank you for your interest in PHP.

See bug #20195
 [2003-02-27 09:26 UTC] gpt at tirloni dot org 
Sorry, I missed that other bug report.

That bug report was opened in October 2002. How was it fixed? The author updated it to 4.3.2-dev it seems.

4.3.1 was released these days and didn't fix the problem.

Thank you.
 [2003-02-27 09:32 UTC] sniper@php.net 
That one is still open, so please don't reopen this one anymore. Add your comments there..
 [2003-02-27 09:47 UTC] gpt at tirloni dot org 
updating status to reflect duplication (bug #20195).
 [2003-02-27 09:57 UTC] sniper@php.net 
PLEASE don't touch this anymore..
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun May 19 16:01:31 2024 UTC