[pmwiki-users] umask'ing wiki.d

Robin robin at kallisti.net.nz
Wed Feb 2 05:14:02 CST 2005


On Tuesday 01 February 2005 05:19, Patrick R. Michaud wrote:
> Setting umask(007) as default is probably a good idea; I just need to think
> about it a little more to make sure I've covered all the bases and
> won't break a lot of sites by doing that.  :-|
I was going to reply and say that I don't think it could break anything...and 
then it went and broke something else on my server.

It seems that, due to a quirk of PHP, the umask applies to all instances of 
PHP that are running, even if they run something unrelated. And so I got bit 
when I ran a script (as myself) against files that people upload to a 
PHP-driven form elsewhere on my site, and those files were no longer 
readable. While umask(007) is definitely a security benefit, it looks like it 
should be done with a little care.

-- 
Robin <robin at kallisti.net.nz>             JabberID: <eythian at jabber.org>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D
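
Added example (not part of the original message, and not PmWiki's own code): one way to keep a restrictive umask from leaking into unrelated file writes in the same PHP process is to set it only around the write and restore it afterwards. The temporary directory, the file names, the helper names `mode_of` and `write_with_umask`, and the starting mask of 022 are assumptions made for this demo.

```php
<?php
// Added example; all paths are temporary files constructed for the demo.

/** Permission bits of $path as an octal string. */
function mode_of(string $path): string {
    clearstatcache(true, $path);
    return sprintf('%04o', fileperms($path) & 0777);
}

/** Write $data to $path with $mask in effect only for this one write. */
function write_with_umask(string $path, string $data, int $mask): void {
    $old = umask($mask);              // umask() returns the previous mask
    try {
        if (file_put_contents($path, $data) === false) {
            throw new RuntimeException("cannot write $path");
        }
    } finally {
        umask($old);                  // restored even if the write fails
    }
}

$dir = sys_get_temp_dir() . '/umask-demo-' . getmypid();
mkdir($dir, 0700);

// Case 1: the mask is changed once and left in place. New files get
// mode 0666 & ~umask, so the unrelated upload loses its "other" bits too.
umask(022);                           // assumed default before the change
umask(007);
file_put_contents("$dir/page", "wiki page\n");
file_put_contents("$dir/upload", "unrelated upload\n");
echo "global: page=", mode_of("$dir/page"),
     " upload=", mode_of("$dir/upload"), "\n";

// Case 2: the mask is scoped to the wiki write; the later upload is
// created under the original mask again.
umask(022);
write_with_umask("$dir/page2", "wiki page\n", 007);
file_put_contents("$dir/upload2", "unrelated upload\n");
echo "scoped: page2=", mode_of("$dir/page2"),
     " upload2=", mode_of("$dir/upload2"), "\n";

// Clean up the demo files.
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```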