php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23179 PEAR.php and others are installed chmod 666 by default
Submitted: 2003-04-12 12:19 UTC Modified: 2003-05-18 11:53 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: Marius at LowVoice dot nl Assigned: ssb (profile)
Status: Closed Package: PEAR related
PHP Version: 4.3.1 OS: debian linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: Marius at LowVoice dot nl
New email:
PHP Version: OS:

 

 [2003-04-12 12:19 UTC] Marius at LowVoice dot nl
I've found that on our systems files in PEAR (/usr/local/php/share/pear/*)
have unsafe modes (666)
basicaly this enables anyone on the system that has the ability to edit files to change the files to their liking.
For instance the MAIL module of PEAR could easily be modified to send duplicates of all mail send by PEAR to their address. 

I've been able to reproduce this with a clean install of php4.3.1 that i've downloaded today.

I think it's a pretty straitforward issue that doesn't require more info on the matter, however i'll be happy to be of more assistance if needed.

Marius Karthaus
Senior Systems Administrator 
LowVoice.com


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-28 03:51 UTC] arnaud@php.net
Assigning to stig.
 [2003-04-28 03:56 UTC] arnaud@php.net
changing status (alan got me again ;)
 [2003-05-12 09:58 UTC] meebey@php.net
this bug is fixed in PEAR 1.1, it was a problem with Config... pear config-show should show you a umask of 22 if not upgrade your PEAR installation..
the bug was that the umask was wrong calculated, and the installed packages got the wrong chmods...

for already installed packages the chmod must be changed manualy, goto the PEAR installation directy and do:
find -perm 666 -type f -exec chmod og-w {} \;
this should remove the write right for all wrong chmoded package files....

 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Sep 17 08:03:36 2021 UTC