php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #23179 PEAR.php and others are installed chmod 666 by default
Submitted: 2003-04-12 12:19 UTC Modified: 2003-05-18 11:53 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: Marius at LowVoice dot nl Assigned: ssb (profile)
Status: Closed Package: PEAR related
PHP Version: 4.3.1 OS: debian linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
17 + 3 = ?
Subscribe to this entry?

 
 [2003-04-12 12:19 UTC] Marius at LowVoice dot nl 
I've found that on our systems files in PEAR (/usr/local/php/share/pear/*)
have unsafe modes (666)
basicaly this enables anyone on the system that has the ability to edit files to change the files to their liking.
For instance the MAIL module of PEAR could easily be modified to send duplicates of all mail send by PEAR to their address. 

I've been able to reproduce this with a clean install of php4.3.1 that i've downloaded today.

I think it's a pretty straitforward issue that doesn't require more info on the matter, however i'll be happy to be of more assistance if needed.

Marius Karthaus
Senior Systems Administrator 
LowVoice.com

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-28 03:51 UTC] arnaud@php.net 
Assigning to stig.
 [2003-04-28 03:56 UTC] arnaud@php.net 
changing status (alan got me again ;)
 [2003-05-12 09:58 UTC] meebey@php.net 
this bug is fixed in PEAR 1.1, it was a problem with Config... pear config-show should show you a umask of 22 if not upgrade your PEAR installation..
the bug was that the umask was wrong calculated, and the installed packages got the wrong chmods...

for already installed packages the chmod must be changed manualy, goto the PEAR installation directy and do:
find -perm 666 -type f -exec chmod og-w {} \;
this should remove the write right for all wrong chmoded package files....
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 10:01:29 2024 UTC