Last modified: 2010-05-15 15:51:54 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 11209 - Image directories vulnerable to other local users
Image directories vulnerable to other local users
Product: MediaWiki
Classification: Unclassified
Uploading (Other open bugs)
All All
: Normal enhancement (vote)
: ---
Assigned To: Chad H.
Depends on: 14593
  Show dependency treegraph
Reported: 2007-09-06 09:10 UTC by Marti Raudsepp
Modified: 2010-05-15 15:51 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Patch to make directory modes configurable (5.04 KB, patch)
2007-09-06 09:10 UTC, Marti Raudsepp

Description Marti Raudsepp 2007-09-06 09:10:07 UTC
Created attachment 4080 [details]
Patch to make directory modes configurable

Currently, MediaWiki creates all directories (e.g., for the image upload hash) with UNIX mode 0777, which means that any user who is able to read the images, can also change them. This causes problems on shared hosting setups which rely on UNIX permissions to isolate users: htdocs directories are world-readable because they need to be accessible by the httpd.

Thus, the directory creation mode is an administrative setting, not something that can be decided from the code. I have attached a patch which makes this configurable, defaulting to the safe 0755 mode. Vulnerable by default is not an option.

More elaborate description in the attached patch.
Comment 1 Chad H. 2008-07-31 02:38:46 UTC
This has been partially implemented.
Comment 2 Chad H. 2008-09-19 17:15:45 UTC
As an update...

The only instances of mkdir() left are in ~/maintenance, so for most people, directories should be created with respect to $wgDirectoryMode. I'll be poking at the maintenance scripts as well to see if we can phase any of the mkdir()'s in favor of wfMkdirParents().

A few scattered chmod() calls left, probably needs looking at as well (either removing or using $wgDirectoryMode, as needed).
Comment 3 Chad H. 2009-02-18 02:15:22 UTC
I'm going to go ahead and mark this FIXED at this point. Except for the instances I noted above (in ./maintenance, and only a few instances there), this has largely been handled and image directories are made by whatever permission specified in config.

Note You need to log in before you can comment on or make changes to this bug.