Date: Mon, 10 Mar 2003 16:27:44 -0800 From: Wes Peters <wes@softweyr.com> To: Doug Barton <DougB@FreeBSD.org>, dslb@tiscali.dk Cc: hackers@freebsd.org Subject: Re: Insecure PHP installation? Message-ID: <200303101627.44459.wes@softweyr.com> In-Reply-To: <20030310105901.L11058@znfgre.tberna.bet> References: <3E4A9619000044DD@cpfe2.be.tisc.dk> <20030310105901.L11058@znfgre.tberna.bet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 10 March 2003 10:59, Doug Barton wrote:
> On Mon, 10 Mar 2003 dslb@tiscali.dk wrote:
> > Hi all
> >
> > I know PHP is not in the base system, but I thought I could ask here
> > anyway.
>
> You should have asked this on freebsd-ports@freebsd,org, and cc'ed the
> PHP maintainer, FYI.
>
> > I have installed PHP on my FreeBSD 4.7 computer and did a "find /
> > -perm +0002". I could see that /usr/local/bin/pear is a script and
> > world writable, isn't that a little dangerous?
>
> That's definitely bad, yes. Please use send-pr to file a problem report
> about this.
I have PHP installed from the port on my system:
-bash-2.05b$ pkg_info | grep php
mod_php4-4.2.3 PHP4 module for Apache
It does not seem to exhibit this problem:
-bash-2.05b$ ls -l /usr/local/bin/pear
-rwxr-xr-x 1 root wheel 5957 Dec 21 18:01 /usr/local/bin/pear
Did you install from the package? If not, why not? If so, is your
package different from mine or has your installation been changed after
the fact?
--
Where am I, and what am I doing in this handbasket?
Wes Peters wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303101627.44459.wes>