Last modified: 2010-05-15 15:51:54 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T13209, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 11209 - Image directories vulnerable to other local users
Image directories vulnerable to other local users
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Uploading (Other open bugs)
1.10.x
All All
: Normal enhancement (vote)
: ---
Assigned To: Chad H.
:
Depends on: 14593
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-06 09:10 UTC by Marti Raudsepp
Modified: 2010-05-15 15:51 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Patch to make directory modes configurable (5.04 KB, patch)
2007-09-06 09:10 UTC, Marti Raudsepp
Details

Description Marti Raudsepp 2007-09-06 09:10:07 UTC
Created attachment 4080 [details]
Patch to make directory modes configurable

Currently, MediaWiki creates all directories (e.g., for the image upload hash) with UNIX mode 0777, which means that any user who is able to read the images, can also change them. This causes problems on shared hosting setups which rely on UNIX permissions to isolate users: htdocs directories are world-readable because they need to be accessible by the httpd.

Thus, the directory creation mode is an administrative setting, not something that can be decided from the code. I have attached a patch which makes this configurable, defaulting to the safe 0755 mode. Vulnerable by default is not an option.

More elaborate description in the attached patch.
Comment 1 Chad H. 2008-07-31 02:38:46 UTC
This has been partially implemented.
Comment 2 Chad H. 2008-09-19 17:15:45 UTC
As an update...

The only instances of mkdir() left are in ~/maintenance, so for most people, directories should be created with respect to $wgDirectoryMode. I'll be poking at the maintenance scripts as well to see if we can phase any of the mkdir()'s in favor of wfMkdirParents().

A few scattered chmod() calls left, probably needs looking at as well (either removing or using $wgDirectoryMode, as needed).
Comment 3 Chad H. 2009-02-18 02:15:22 UTC
I'm going to go ahead and mark this FIXED at this point. Except for the instances I noted above (in ./maintenance, and only a few instances there), this has largely been handled and image directories are made by whatever permission specified in config.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links