[pmwiki-users] umask'ing wiki.d
Robin
robin at kallisti.net.nz
Wed Feb 2 05:14:02 CST 2005
On Tuesday 01 February 2005 05:19, Patrick R. Michaud wrote:
> Setting umask(007) as default is probably a good idea; I just need to think
> about it a little more to make sure I've covered all the bases and
> won't break a lot of sites by doing that. :-|
I was going to reply and say that I don't think it could break anything...and
then it went and broke something else on my server.
It seems that, due to a quirk of PHP, the umask applies to all instances of
PHP that are running, even if they run something unrelated. And so I got bit
when I ran a script (as myself) against files that people upload to a
PHP-driven form elsewhere on my site, and those files were no longer
readable. While umask(007) is definitely a security benefit, it looks like it
should be done with a little care.
--
Robin <robin at kallisti.net.nz> JabberID: <eythian at jabber.org>
Hostes alienigeni me abduxerunt. Qui annus est?
PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/pmwiki-users/attachments/20050203/52519369/attachment.bin
More information about the pmwiki-users
mailing list