Date:      Thu, 13 May 2004 08:58:58 -0700 (PDT)
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/66612: phpmyadmin port incompatible with suphp, insecure perms on default config
Message-ID:  <200405131558.i4DFwwdZ031868@pentarou.parodius.com>
Resent-Message-ID: <200405131600.i4DG0juv023420@freefall.freebsd.org>

>Number:         66612
>Category:       ports
>Synopsis:       phpmyadmin port incompatible with suphp, insecure perms on default config
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 13 09:00:45 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 4.10-PRERELEASE i386
>Organization:
Parodius Networking
>Environment:
System: FreeBSD pentarou.parodius.com 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #0: Wed May 5 03:33:17 PDT 2004 root@pentarou.parodius.com:/usr/obj/usr/src/sys/PENTAROU i386
>Description:
	By default, installing ports/databases/phpmyadmin results in the
	installation dirs/files being owned by root:wheel.  This is a
	problem for those of us who rely on ports/www/suphp, where the
	files' owner:group needs to be something >= 80:80.
	
	The included patch does a chown to the apache user/group after
	the installation has completed.  The APACHE_USER and APACHE_GROUP
	tweaks are taken from ports/www/suphp so there's compatibility.
	
	In addition, the patch also sets some secure permissions on
	the config.inc.php.sample file, so that administrators using
	it as a template note that the perms should be 640 (or 660).
	It SHOULD NOT be globally readable.  The other files are fine.
	
	Port maintainer has been CC'd in this send-pr.
>How-To-Repeat:
	Install ports/www/php4-cgi and ports/www/suphp.  Then install
	ports/databases/phpmyadmin, and try to access the phpMyAdmin dir
	via a browser.  You'll get an internal server error.
	
	For config.inc.php.sample, just look at the perms.
>Fix:
	See attached diff/patch below.


diff -ruN phpmyadmin.orig/Makefile phpmyadmin/Makefile
--- phpmyadmin.orig/Makefile	Sun Mar 28 10:34:39 2004
+++ phpmyadmin/Makefile	Thu May 13 08:53:07 2004
@@ -7,6 +7,7 @@
 
 PORTNAME=	phpMyAdmin
 PORTVERSION=	2.5.6
+PORTREVISION=	1
 CATEGORIES=	databases www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	phpmyadmin
@@ -18,12 +19,15 @@
 USE_PHP=	yes
 NO_BUILD=	yes
 
+APACHE_USER?=	${WWWOWN}
+APACHE_GROUP?=	${WWWGRP}
 MYADMDIR?=	www/data/phpMyAdmin
 
 PLIST_SUB+=	MYADMDIR=${MYADMDIR}
 
 post-patch:
 	@${MV} ${WRKSRC}/config.inc.php ${WRKSRC}/config.inc.php.sample
+	@${CHMOD} 640 ${WRKSRC}/config.inc.php.sample
 
 do-install:
 	@${MKDIR} ${PREFIX}/${MYADMDIR}
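Review bot: The CHMOD 640 added under post-patch only changes the copy of config.inc.php.sample in ${WRKSRC}; do-install in this same Makefile copies regular files with ${INSTALL_DATA}, which applies its own mode at install time, so the 640 may never reach ${PREFIX}/${MYADMDIR}/config.inc.php.sample. Set the mode on the installed path instead, after the copy loop in do-install, and confirm the result on a fresh install. The new APACHE_USER?= and APACHE_GROUP?= lines would also benefit from a one-line comment saying they are overridable and match the names used by ports/www/suphp.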
@@ -31,5 +35,6 @@
 		${XARGS} -n1 ${SH} -c 'if ${TEST} -d $$0; \
 			then ${MKDIR} ${PREFIX}/${MYADMDIR}$${0#${WRKSRC}}; \
 			else ${INSTALL_DATA} $$0 ${PREFIX}/${MYADMDIR}$${0#${WRKSRC}}; fi'
+	@${CHOWN} -R ${APACHE_USER}:${APACHE_GROUP} ${PREFIX}/${MYADMDIR}
 
 .include <bsd.port.mk>
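Review bot: The recursive CHOWN added at the end of do-install runs unconditionally, so every install hands the whole ${PREFIX}/${MYADMDIR} tree, PHP sources included, to ${APACHE_USER}:${APACHE_GROUP}, even on hosts that do not use suPHP. There the web server account becomes owner of the application code it executes. Consider guarding the line with an opt-in make variable so the existing ownership stays the default, and note that the 640 mode intended for config.inc.php.sample depends on this ownership: the web group needs to be the file's group for the file to be readable by PHP at all.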
>Release-Note:
>Audit-Trail:
>Unformatted:
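
An added example, not part of the PR or the port: a POSIX sh check for the two conditions the report describes (ownership at or above the suPHP minimum, and a config file that is not world-readable) on an installed tree. MIN_UID, MIN_GID and the function names are assumptions made for this sketch; the default of 80 mirrors the ">= 80:80" figure in the description.

```shell
#!/bin/sh
# Added example, not from the PR: audit an installed phpMyAdmin tree for the
# two conditions the report describes. MIN_UID/MIN_GID and the function names
# are hypothetical; 80 mirrors the ">= 80:80" figure in the report.
MIN_UID="${MIN_UID:-80}"
MIN_GID="${MIN_GID:-80}"

# Print "uid gid" for a path. `ls -n` is used because stat(1) flags differ
# between BSD and GNU userlands.
owner_ids() {
    ls -ldn -- "$1" | awk '{ print $3, $4 }'
}

# Succeed if the "other" read bit is set on the path.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# list_findings DIR: print one line per problem, nothing if the tree is clean.
list_findings() {
    dir=$1
    # 1. Every file and directory must be owned at or above the minimum ids.
    find "$dir" -print | while IFS= read -r p; do
        set -- $(owner_ids "$p")
        if [ "$1" -lt "$MIN_UID" ] || [ "$2" -lt "$MIN_GID" ]; then
            echo "OWNER $p uid=$1 gid=$2 (minimum $MIN_UID:$MIN_GID)"
        fi
    done
    # 2. The live config and its template must not be world-readable.
    for cfg in "$dir/config.inc.php" "$dir/config.inc.php.sample"; do
        [ -e "$cfg" ] || continue
        if world_readable "$cfg"; then
            echo "PERMS $cfg is world-readable"
        fi
    done
    return 0
}

# Usage: sh audit.sh <phpMyAdmin install dir>; exits 1 if anything is reported.
if [ "$#" -gt 0 ]; then
    out=$(list_findings "$1")
    [ -z "$out" ] || { echo "$out"; exit 1; }
fi
```

Run it against the installed directory rather than the work directory, since the mode a file has in ${WRKSRC} is not necessarily the mode it ends up with after install.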


