[wp-trac] [WordPress Trac] #21855: Several files are group writable, breaking suPHP–based setups
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 9 11:17:39 UTC 2012
#21855: Several files are group writable, breaking suPHP–based setups
----------------------------+-----------------------------
 Reporter:  JeremyVisser    |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Administration  |    Version:  3.4.2
 Severity:  normal          |   Keywords:
----------------------------+-----------------------------
After upgrading to WordPress 3.4.2, I found the following files are group
writable:
* wp-admin/about.php
* wp-admin/setup-config.php
* wp-admin/includes/class-wp-themes-list-table.php
* wp-admin/includes/class-wp-plugins-list-table.php
* wp-admin/includes/meta-boxes.php
* wp-admin/includes/update-core.php
* wp-admin/includes/class-wp-upgrader.php
* wp-admin/includes/class-wp-ms-themes-list-table.php
* wp-admin/plugins.php
* wp-admin/index.php
* wp-admin/js/link.dev.js
* wp-admin/js/link.js
* wp-admin/js/customize-controls.js
* wp-admin/js/post.dev.js
* wp-admin/js/post.js
* wp-admin/js/customize-controls.dev.js
An example {{{ls -l}}}:
{{{
-rw-rw-r-- 1 wordpress www-data 5473 Sep 7 08:15 /var/www/wordpress/wp-admin/index.php
}}}
This is in contrast to the majority of files:
{{{
-rw-r--r-- 1 wordpress www-data 395 Jun 14 18:14 /var/www/wordpress/index.php
}}}
This causes suPHP errors such as the following:
{{{
SoftException in Application.cpp:249: File "/var/www/wordpress/wp-admin/index.php" is writeable by group
Premature end of script headers: index.php
}}}
A temporary workaround is to {{{chmod g-w}}} these files on my end, but
the permissions get overwritten every time an SVN update occurs.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21855>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
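
The `chmod g-w` workaround from the report, as an added example that is not part of the original ticket or of WordPress: a POSIX shell audit that lists the group-writable files under a tree and, with `--fix`, clears only that bit. The function names and the `--fix` switch are hypothetical; the tree path is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the ticket): find the group-writable files that
# suPHP refuses to execute and optionally apply the chmod g-w workaround.

# Print every regular file under $1 that has the group-write bit (020) set.
list_group_writable() {
    find "$1" -type f -perm -020 -print
}

# Number of such files (assumes no newlines in file names).
count_group_writable() {
    list_group_writable "$1" | wc -l | tr -d ' '
}

# Clear group-write on exactly those files; every other mode bit is untouched.
fix_group_writable() {
    find "$1" -type f -perm -020 -exec chmod g-w {} +
}

# audit_tree DIR [--fix]
# Returns 0 when the tree is clean (or was fixed), 1 when offending files
# remain, 2 when DIR is not a directory.
audit_tree() {
    dir=$1
    mode=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    n=$(count_group_writable "$dir")
    if [ "$n" -eq 0 ]; then
        echo "ok: no group-writable files under $dir"
        return 0
    fi
    list_group_writable "$dir"
    if [ "$mode" = "--fix" ]; then
        fix_group_writable "$dir"
        echo "fixed: cleared g+w on $n file(s)"
        return 0
    fi
    echo "found: $n group-writable file(s); rerun with --fix" >&2
    return 1
}

# Run only when called with arguments, e.g. after each SVN update.
if [ "$#" -gt 0 ]; then
    audit_tree "$@"
fi
```

Because the report notes that an SVN update restores the group-write bit, the audit has to be rerun after every update; without `--fix` its non-zero exit status can serve as a check.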