Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
I noticed that the files and directory created by filecache have Read/Write/Execute permissions instead of only Read/Write. However unlikely it might be a security risk as a file could somehow be executed as the same user as the rest of the site.
Comment | File | Size | Author |
---|---|---|---|
#6 | 1587626-filecache-dir-permissions.patch | 550 bytes | SocialNicheGuru |
Comments
Comment #1
ogi CreditAttribution: ogi commentedFixed in af29d92.
Comment #3
Mikael Nord CreditAttribution: Mikael Nord commentedUnfortunately, since the files are now
chmod 666
and most often located in/tmp
, they will in many cases still be writable by anyone on the system. This means that any local user can deface your site and is a major security concern. I suggestchmod 600
instead, since cached pages may contain sensitive information (if you are using Authcache for example).chmod 644
will make it possible for everyone to read but not to write or to execute the files in your cache bin.Comment #4
Mikael Nord CreditAttribution: Mikael Nord commentedComment #5
geek-merlinwrong status.
Comment #6
SocialNicheGuru CreditAttribution: SocialNicheGuru commentedreview this to see if '0600' is sufficient.
Comment #7
geek-merlinWe'd better use drupal_chmod() and it's return code to keep compatible and customizable.
Comment #8
ogi CreditAttribution: ogi commented