From owner-freebsd-hackers Mon Mar 10 16:27:48 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B38E37B401; Mon, 10 Mar 2003 16:27:46 -0800 (PST) Received: from smtp-relay.omnis.com (smtp-relay.omnis.com [216.239.128.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id DCA0D43FD7; Mon, 10 Mar 2003 16:27:45 -0800 (PST) (envelope-from wes@softweyr.com) Received: from softweyr.homeunix.net (66-75-151-22.san.rr.com [66.75.151.22]) by smtp-relay.omnis.com (Postfix) with ESMTP id BCA904346D; Mon, 10 Mar 2003 16:27:44 -0800 (PST) From: Wes Peters Organization: Softweyr To: Doug Barton , dslb@tiscali.dk Subject: Re: Insecure PHP installation? Date: Mon, 10 Mar 2003 16:27:44 -0800 User-Agent: KMail/1.5 Cc: hackers@freebsd.org References: <3E4A9619000044DD@cpfe2.be.tisc.dk> <20030310105901.L11058@znfgre.tberna.bet> In-Reply-To: <20030310105901.L11058@znfgre.tberna.bet> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200303101627.44459.wes@softweyr.com> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Monday 10 March 2003 10:59, Doug Barton wrote: > On Mon, 10 Mar 2003 dslb@tiscali.dk wrote: > > Hi all > > > > I know PHP is not in the base system, but I thought I could ask here > > anyway. > > You should have asked this on freebsd-ports@freebsd,org, and cc'ed the > PHP maintainer, FYI. > > > I have installed PHP on my FreeBSD 4.7 computer and did a "find / > > -perm +0002". I could see that /usr/local/bin/pear is a script and > > world writable, isn't that a little dangerous? > > That's definitely bad, yes. Please use send-pr to file a problem report > about this. I have PHP installed from the port on my system: -bash-2.05b$ pkg_info | grep php mod_php4-4.2.3 PHP4 module for Apache It does not seem to exhibit this problem: -bash-2.05b$ ls -l /usr/local/bin/pear -rwxr-xr-x 1 root wheel 5957 Dec 21 18:01 /usr/local/bin/pear Did you install from the package? If not, why not? If so, is your package different from mine or has your installation been changed after the fact? -- Where am I, and what am I doing in this handbasket? Wes Peters wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message