Concerned about loose file modes on installation files
13 views
Skip to first unread message
Douglas Goodall
unread,
Dec 9, 2016, 1:24:34 PM12/9/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ICEcoder
I successfully installed ICEcode 5.7 today on CentOS 7 and it seems to be working. I am however concerned about the protection level of the installed files.
Normally I run cgi scripts as 755 so they can only be modified using the owner userid.
Am I needlessly concerned about the vulnerability? Or is this ok for some reason I don't understand yet?
Thanks, Doug
Matt Pass
unread,
Jan 26, 2017, 8:15:10 AM1/26/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ICEcoder
Sorry for the delay in replying. The dirs.mentioned need to be writeable by PHP - which can be done by changing the permissions or ownership, the latter you're right - is often seen as a better solution.