[wp-trac] [WordPress Trac] #21251: Media uploads ignore FS_CHMOD_FILE

WordPress Trac wp-trac at lists.automattic.com
Fri Jul 13 02:33:58 UTC 2012


#21251: Media uploads ignore FS_CHMOD_FILE
--------------------------+-----------------------------
 Reporter:  mikewolf53    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Media         |    Version:  3.4.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 = To Reproduce: =

 1.  Have Apache configured such that secure permissions are as follows:
 * 0710 directories
 * 0600 PHP files
 * 0640 All other files (anything that must be read by Apache rather than
 PHP)

 2.  Set permissions on all files and directories as described above.

 3.  Set the following in your wp-config.php
 {{{
 define('FS_CHMOD_DIR', (0710 & ~ umask()));
 define('FS_CHMOD_FILE', (0640 & ~ umask()));
 }}}

 4.  Upload a file using your media library.

 5.  Notice that the uploaded file has permissions of 0600 instead of 640.

 = Expected Result =
 Files uploaded should obey the FS_CHMOD_FILE directive, and the uploaded
 file should have permissions of 0640.

 = Actual Result =
 Wikipedia sets permissions of the file by taking its parent directory's
 permissions and stripping the executable bits, leaving the file unreadable
 to Apache.  The result is 0600.

 = Relevant Info =

 These files (and likely more) ignore FS_CHMOD_FILE when uploading files to
 the server:

 /wp-includes/functions.php
 {{{
         // Set correct file permissions
         $stat = @ stat( dirname( $new_file ) );
         $perms = $stat['mode'] & 0007777;
         $perms = $perms & 0000666;
         @ chmod( $new_file, $perms );
 }}}

 /wp-includes/media.php
 {{{
         // Set correct file permissions
         $stat = stat( dirname( $destfilename ));
         $perms = $stat['mode'] & 0000666; //same permissions as parent
 folder, strip off the executable bits
         @ chmod( $destfilename, $perms );
 }}}


 /wp-admin/includes/file.php
 {{{
         // Set correct file permissions
         $stat = stat( dirname( $new_file ));
         $perms = $stat['mode'] & 0000666;
         @ chmod( $new_file, $perms );
 }}}

 This is problematic in the case where suEXEC+fcgid or suPHP are being used
 and Apache has group ownership on files/directories.  In this case, the
 secure permissions would be:
 * 0710 directories
 * 0600 PHP files
 * 0640 All other files (anything that must be read by Apache rather than
 PHP)

 The code in each of the files above causes files to be uploaded with
 permissions of 600, which is unreadable by Apache.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21251>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list