From owner-freebsd-hackers Mon Mar 10 10:39:50 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B6AE37B401 for ; Mon, 10 Mar 2003 10:39:49 -0800 (PST) Received: from smtp010.tiscali.dk (smtp010.tiscali.dk [212.54.64.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0191C43FB1 for ; Mon, 10 Mar 2003 10:39:48 -0800 (PST) (envelope-from dslb@tiscali.dk) Received: from cpmail.dk.tiscali.com (mail.tiscali.dk [212.54.64.159]) by smtp010.tiscali.dk (8.12.5/8.12.5) with ESMTP id h2AIdi50020589 for ; Mon, 10 Mar 2003 19:39:45 +0100 (MET) Received: from [212.242.239.73] by cpmail.dk.tiscali.com with HTTP; Mon, 10 Mar 2003 19:39:13 +0100 Date: Mon, 10 Mar 2003 19:39:13 +0100 Message-ID: <3E4A9619000044DD@cpfe2.be.tisc.dk> From: dslb@tiscali.dk Subject: Insecure PHP installation? To: hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-15" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi all I know PHP is not in the base system, but I thought I could ask here anyw= ay. I have installed PHP on my FreeBSD 4.7 computer and did a "find / -perm +0002". I could see that /usr/local/bin/pear is a script and world writab= le, isn't that a little dangerous? br socketd ps: Please CC to me as I am not on the list (I think). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message