Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Mar 2003 16:27:44 -0800
From:      Wes Peters <wes@softweyr.com>
To:        Doug Barton <DougB@FreeBSD.org>, dslb@tiscali.dk
Cc:        hackers@freebsd.org
Subject:   Re: Insecure PHP installation?
Message-ID:  <200303101627.44459.wes@softweyr.com>
In-Reply-To: <20030310105901.L11058@znfgre.tberna.bet>
References:  <3E4A9619000044DD@cpfe2.be.tisc.dk> <20030310105901.L11058@znfgre.tberna.bet>

next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 10 March 2003 10:59, Doug Barton wrote:
> On Mon, 10 Mar 2003 dslb@tiscali.dk wrote:
> > Hi all
> >
> > I know PHP is not in the base system, but I thought I could ask here
> > anyway.
>
> You should have asked this on freebsd-ports@freebsd,org, and cc'ed the
> PHP maintainer, FYI.
>
> > I have installed PHP on my FreeBSD 4.7 computer and did a "find /
> > -perm +0002". I could see that /usr/local/bin/pear is a script and
> > world writable, isn't that a little dangerous?
>
> That's definitely bad, yes. Please use send-pr to file a problem report
> about this.

I have PHP installed from the port on my system:

-bash-2.05b$ pkg_info | grep php
mod_php4-4.2.3      PHP4 module for Apache

It does not seem to exhibit this problem:

-bash-2.05b$ ls -l /usr/local/bin/pear
-rwxr-xr-x  1 root  wheel  5957 Dec 21 18:01 /usr/local/bin/pear

Did you install from the package?  If not, why not?  If so, is your 
package different from mine or has your installation been changed after 
the fact?

-- 

        Where am I, and what am I doing in this handbasket?

Wes Peters                                               wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303101627.44459.wes>