[wp-trac] Re: [WordPress Trac] #7779: Automatic plugin upgrade
doesn't detect the effective uid correctly.
WordPress Trac
wp-trac at lists.automattic.com
Tue Oct 14 22:42:23 GMT 2008
#7779: Automatic plugin upgrade doesn't detect the effective uid correctly.
-------------------------------+--------------------------------------------
Reporter: jamuraa | Owner: DD32
Type: defect | Status: new
Priority: normal | Milestone:
Component: Administration | Version: 2.6.1
Severity: normal | Resolution:
Keywords: reporter-feedback |
-------------------------------+--------------------------------------------
Comment (by jamuraa):
I have a case like this, and I would expect that it is the case on many
servers. The webserver runs as www-data, and the files are owned by
jamuraa (myself). The webserver can write to every directory and file in
the site directory because the files are set to group www-data, and the
group write bits are set (and sgid as well). I am not running suPHP.
The file is created with uid www-data and group www-data, correctly
because the process is running as www-data. The script is owned by
jamuraa (getmyuid() returns jamuraa's uid).
This bug specifically occurs because the effective UID is not the same as
the UID which owns the script in the filesystem, but the process has
rights to write to all the files required.
To summarize:
{{{
webserver runs as user www-data
files are owned by jamuraa
webserver runs the php script as user www-data
getmyuid() returns jamuraa
posix_getuid() returns www-data
$temp_file gets written with owner www-data
}}}
Applying the patch above allows direct fs access; if I switch back to
getmyuid(), I get an FTP page.
If you need any more information, just ask; I'm watching the bug.
--
Ticket URL: <http://trac.wordpress.org/ticket/7779#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
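
The comparison described in the comment above can be reproduced with a small diagnostic. This is an added example, not code from the ticket's patch or from WordPress; `probe_ownership()` and its array keys are hypothetical names. It writes a probe file and compares its owner with both `getmyuid()` and `posix_getuid()`.

```php
<?php
// Added illustration: function and key names are hypothetical, not WordPress code.

/**
 * Write a probe file into $dir and compare its owner with the owner of the
 * running script (getmyuid) and with the UID of the PHP process (posix_getuid).
 */
function probe_ownership(string $dir): array
{
    $probe = @tempnam($dir, 'own');
    if ($probe === false) {
        throw new RuntimeException("could not create a probe file in $dir");
    }
    // tempnam() falls back to the system temp directory when $dir is not
    // writable, so confirm the probe really landed in the directory under test.
    $landedInDir = realpath(dirname($probe)) === realpath($dir);
    $fileOwner = fileowner($probe);   // UID the process actually wrote the file as
    unlink($probe);
    if (!$landedInDir) {
        throw new RuntimeException("$dir is not writable by the PHP process");
    }

    $scriptOwner = getmyuid();        // owner of the script file, or false on error
    // The POSIX extension is optional; null means "cannot tell".
    $processUid = function_exists('posix_getuid') ? posix_getuid() : null;

    return [
        'file_owner'           => $fileOwner,
        'script_owner'         => $scriptOwner,
        'process_uid'          => $processUid,
        'script_owner_matches' => $scriptOwner !== false && $scriptOwner === $fileOwner,
        'process_uid_matches'  => $processUid !== null && $processUid === $fileOwner,
    ];
}

// Probe the directory given on the command line, or this script's directory.
$report = probe_ownership($argv[1] ?? __DIR__);
foreach ($report as $name => $value) {
    printf("%-22s %s\n", $name, var_export($value, true));
}
```

On a layout like the one in the comment (script owned by one user, PHP running as www-data with group write access), `script_owner_matches` comes out false and `process_uid_matches` true.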