From owner-freebsd-hackers Mon Mar 10 16:34:24 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3271A37B404; Mon, 10 Mar 2003 16:34:23 -0800 (PST) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5CB5843FDF; Mon, 10 Mar 2003 16:34:21 -0800 (PST) (envelope-from DougB@freebsd.org) Received: from 12-234-22-23.client.attbi.com ([12.234.22.23]) by rwcrmhc52.attbi.com (rwcrmhc52) with SMTP id <20030311003420052003s5aae>; Tue, 11 Mar 2003 00:34:20 +0000 Date: Mon, 10 Mar 2003 16:34:20 -0800 (PST) From: Doug Barton To: Wes Peters Cc: dslb@tiscali.dk, dirk@freebsd.org, hackers@freebsd.org Subject: Re: Insecure PHP installation? In-Reply-To: <200303101627.44459.wes@softweyr.com> Message-ID: <20030310163120.A55907@12-234-22-23.pyvrag.nggov.pbz> References: <3E4A9619000044DD@cpfe2.be.tisc.dk> <20030310105901.L11058@znfgre.tberna.bet> <200303101627.44459.wes@softweyr.com> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 10 Mar 2003, Wes Peters wrote: > -bash-2.05b$ pkg_info | grep php > mod_php4-4.2.3 PHP4 module for Apache EANCIENTPHP I think that the problem is specific to 4.3.x. FYI dirk, I did the 'find / -perms +0002' myself, and php is installing a whole bunch of stuff with world write, so this is a bigger issue than just the one script. Doug -- This .signature sanitized for your protection To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message