From owner-freebsd-questions Tue Mar 18 4:20: 2 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C828637B401 for ; Tue, 18 Mar 2003 04:20:01 -0800 (PST) Received: from cicero2.cybercity.dk (cicero2.cybercity.dk [212.242.40.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B7C743F93 for ; Tue, 18 Mar 2003 04:19:58 -0800 (PST) (envelope-from db@traceroute.dk) Received: from user1.cybercity.dk (fxp0.user1.ip.cybercity.dk [212.242.41.34]) by cicero2.cybercity.dk (Postfix) with ESMTP id 076821000CA for ; Tue, 18 Mar 2003 13:19:56 +0100 (CET) Received: from main (port132.ds1-arsy.adsl.cybercity.dk [212.242.239.73]) by user1.cybercity.dk (Postfix) with ESMTP id 6CA91226 for ; Tue, 18 Mar 2003 13:19:55 +0100 (CET) Date: Tue, 18 Mar 2003 13:22:17 +0100 From: Socketd To: freebsd-questions@freebsd.org Subject: Insecure PHP installation Message-ID: <20030318122217.GA136@main> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: Balsa 2.0.9 Lines: 17 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi About 2 weeks ago I wrote to hackers@freebsd.org concerning my discovery of mod_php installing files world writable (amoung these atleast one script). They told me to write the maintainer dirk@freebsd.org, which I have done twice now and have not received an answer. I have a FreeBSD 4.7-p7 computer with mod_php 4.3.1 installed and several files are world writable, also a script /usr/local/bin/pear, so I hope someone can do something about this or tell me that it is supposed to be like this. Please CC to me as I am NOT on the list. br socketd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message