Last modified: 2010-05-15 15:51:54 UTC
Created attachment 4080
Patch to make directory modes configurable
Currently, MediaWiki creates all directories (e.g., for the image upload hash) with UNIX mode 0777, which means that any user who is able to read the images can also change them. This causes problems on shared hosting setups which rely on UNIX permissions to isolate users: htdocs directories are world-readable because they need to be accessible by the httpd.
Thus, the directory creation mode is an administrative setting, not something that can be decided from the code. I have attached a patch which makes this configurable, defaulting to the safe 0755 mode. Vulnerable by default is not an option.
More elaborate description in the attached patch.
This has been partially implemented.
As an update...
The only instances of mkdir() left are in ~/maintenance, so for most people, directories should be created with respect to $wgDirectoryMode. I'll be poking at the maintenance scripts as well to see if we can phase out any of the mkdir()'s in favor of wfMkdirParents().
A few scattered chmod() calls left, probably need looking at as well (either removing or using $wgDirectoryMode, as needed).
I'm going to go ahead and mark this FIXED at this point. Except for the instances I noted above (in ./maintenance, and only a few instances there), this has largely been handled and image directories are made with whatever permission is specified in config.
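An added example, not part of the bug report or MediaWiki's code: a Python sketch of the check an administrator could run over an upload tree to find directories left wider than the configured mode, next to a helper that creates every path component with that mode. `DIRECTORY_MODE`, `mkdir_parents` and `audit_dirs` are hypothetical names, and the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

DIRECTORY_MODE = 0o755  # assumed policy value, matching the default the report proposes


def mkdir_parents(path, mode=DIRECTORY_MODE):
    """Create path and every missing parent with `mode` (hypothetical helper)."""
    missing, cur = [], os.path.abspath(path)
    while not os.path.isdir(cur):
        missing.append(cur)
        cur = os.path.dirname(cur)
    for d in reversed(missing):
        os.mkdir(d, mode)  # the umask can only narrow this further, never widen it


def audit_dirs(root, allowed=DIRECTORY_MODE, tighten=False):
    """Return (relative path, octal mode) for directories granting bits outside `allowed`."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # never report or chmod through a symlink
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            if mode & ~allowed:
                findings.append((os.path.relpath(full, root), oct(mode)))
                if tighten:
                    os.chmod(full, mode & allowed)  # drop only the excess bits
    return sorted(findings)


def demo():
    """Constructed tree: a legacy 0777 hash path beside one created under the policy."""
    old = os.umask(0)  # worst case: nothing narrows the requested mode
    try:
        with tempfile.TemporaryDirectory() as root:
            os.makedirs(os.path.join(root, "images", "a", "ab"), 0o777)
            mkdir_parents(os.path.join(root, "images", "c", "cd"))
            before = audit_dirs(root, tighten=True)
            return before, audit_dirs(root)
    finally:
        os.umask(old)


if __name__ == "__main__":
    print(demo())
```

Only the directories created with the hard-coded 0777 are reported; the ones created through the policy helper pass, and a second pass after tightening reports nothing.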