I noticed that the files and directory created by filecache have Read/Write/Execute permissions instead of only Read/Write. However unlikely, it might be a security risk, as a file could somehow be executed as the same user as the rest of the site.


Comments

ogi’s picture

Status: Active » Fixed

Fixed in af29d92.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Mikael Nord’s picture

Priority: Normal » Major

Unfortunately, since the files are now chmod 666 and most often located in /tmp, they will in many cases still be writable by anyone on the system. This means that any local user can deface your site and is a major security concern. I suggest chmod 600 instead, since cached pages may contain sensitive information (if you are using Authcache for example). chmod 644 will make it possible for everyone to read but not to write or to execute the files in your cache bin.
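A check for the modes discussed in this thread (666, 644, 600 and the original execute bit), as an added example that is not part of the original issue or the module's code. The function name `audit_cache_perms` and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a file cache directory for the permission problems
# raised in this thread. Uses only POSIX find/sed, so it reads mode bits
# directly and works the same whether or not it is run as root.
#
# Output labels (illustrative, not from the module):
#   EXEC  path  regular file with any execute bit (the original report)
#   WRITE path  file writable by group or other (the "chmod 666" case)
#   READ  path  file readable, but not writable, by group or other (644)
#   DIR   path  directory writable by group or other
# Returns 0 when nothing is found, 1 when there are findings, 2 on bad input.
audit_cache_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    findings=$(
        find "$dir" -type f \
            \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print |
            sed 's/^/EXEC /'
        find "$dir" -type f \
            \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/WRITE /'
        find "$dir" -type f \
            \( -perm -0040 -o -perm -0004 \) \
            ! \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/READ /'
        find "$dir" -type d \
            \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/DIR /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: pass the cache directory as the first argument.
if [ "$#" -gt 0 ]; then
    audit_cache_perms "$1"
fi
```

A file at mode 600 in a directory at mode 700 produces no output; WRITE findings are the integrity problem described above, READ findings the confidentiality one.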

Mikael Nord’s picture

Status: Closed (fixed) » Needs review

geek-merlin’s picture

Status: Needs review » Needs work

Wrong status.

SocialNicheGuru’s picture

Status: Needs work » Needs review
FileSize
550 bytes

Review this to see if '0600' is sufficient.

geek-merlin’s picture

We'd better use drupal_chmod() and its return code to keep compatible and customizable.

ogi’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.