ports/158824: devel/flyspray: share/flyspray/flyspray.conf.php remains with access mode rw-rw-rw after new installation!
Hartmann at FreeBSD.org
Tue Jul 12 05:40:09 UTC 2011
>Number: 158824
>Category: ports
>Synopsis: devel/flyspray: share/flyspray/flyspray.conf.php remains with access mode rw-rw-rw after new installation!
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 12 05:40:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Hartmann, O.
>Release: FreeBSD 8.2/9.0
>Organization:
FU Berlin
>Environment:
>Description:
After an installation of devel/flyspray, the PHP config file in /usr/local/share/flyspray, called flyspray.conf.php, remains world read- and writable. This file contains the access credentials for accessing the admin account for the flyspray database. It should be protected more carefully according to the setup, say r-------- (octal 400).
If one does not take care of this, the server remains somewhat vulnerable after flyspray installation and setup.
>How-To-Repeat:
Install devel/flyspray.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
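
An added example, not part of the original report or of the port itself: a POSIX sh check an administrator could run after installation to find config files like the one described above and tighten them to octal 400. The `*.conf.php` pattern and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit and tighten credential-bearing PHP config files.
# Assumptions (not from the report): the *.conf.php name pattern and the
# function names. Usage after install:
#   tighten_configs /usr/local/share/flyspray

# Run find over directory $1 for *.conf.php files that grant ANY permission
# to group or other; remaining arguments are appended as find actions.
# "-perm /mode" is not POSIX, so each bit is tested with "-perm -mode".
find_loose() {
    dir=$1
    shift
    find "$dir" -type f -name '*.conf.php' \
        \( -perm -0001 -o -perm -0002 -o -perm -0004 \
           -o -perm -0010 -o -perm -0020 -o -perm -0040 \) "$@"
}

# Print the path of every loosely protected config file under $1.
list_loose_configs() {
    find_loose "$1" -print
}

# Set every loose file under $1 to 0400 (owner read-only), then re-check.
# Returns 0 only if no loose file remains.
# Note: with mode 0400 the file must be owned by the account the PHP
# application runs as, otherwise the application cannot read its own config.
tighten_configs() {
    find_loose "$1" -exec chmod 0400 {} +
    [ -z "$(list_loose_configs "$1")" ]
}
```
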