[wp-trac] [WordPress Trac] #9529: wp-config.php created with global
write privs
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 13 19:34:06 GMT 2009
#9529: wp-config.php created with global write privs
--------------------------+-------------------------------------------------
Reporter: jonasc | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version:
Severity: major | Keywords:
--------------------------+-------------------------------------------------
wp-config.php is created with global read and write privileges when
running through the install process.
* Using Wordpress 2.7.1 (as downloaded from wordpress.org on Apr. 13)
* Installing to a Linux server with PHP 5.2.4 installed as an fcgi
* choosing to have the install process create a wp_config.php file for me
(as opposed to uploading a custom one)
{{{
ls -lah wp/wp-config.php
-rw-rw-rw- 1 web web 2.5K Apr 13 12:10 wp/wp-config.php
}}}
I'd suggest slightly stricter permissions by default :)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9529>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list