#1 (permalink)  
Old 10-06-2005, 11:03 AM
Registered User
 
Join Date: Oct 2005
Posts: 1
skyshine is on a distinguished road
security php fopen chmod 777

Hi

If using php in a cPanel account the only way I can write to a file is to CHMOD as writable to everybody . I would have thought this is a security issue, enabling anyone to write to that file. Can someone please clarify? I have read somwhere that for some reason this is still secure, but I question that.

eg
$fileH = fopen("/home/path/to/file","w");
comes up with
Warning: fopen(/home/path/to/file): failed to open stream: Permission denied in /home/path/to/file on line 2
unless CHMOD xx6 or xx7

Many Thanks
Sky
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 10-12-2005, 04:13 PM
sv1 sv1 is offline
Registered User
 
Join Date: Aug 2003
Posts: 140
sv1
We have an issue on a server which we upgraded php and after running /scripts/convert2maildir

Warning: fopen(/tmp/horde_32001.log): failed to open stream: Permission denied in /usr/local/cpanel/3rdparty/lib/php/Log/file.php on line 202

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/3rdparty/lib/php/Log/file.php:202) in /usr/local/cpanel/base/horde/login.php on line 96
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 10-12-2005, 04:34 PM
sh4ka's Avatar
Registered User
 
Join Date: May 2005
Posts: 432
sh4ka is on a distinguished road
first try chmod 755 and if that doesn't work temporary you will have to chmod 777 that file until you resolve the problems, and yeap, it's kind unsure that..
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 10-13-2005, 10:19 AM
chirpy's Avatar
Moderator
 
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
chirpy will become famous soon enough
Quote:
Originally Posted by sv1
We have an issue on a server which we upgraded php and after running /scripts/convert2maildir

Warning: fopen(/tmp/horde_32001.log): failed to open stream: Permission denied in /usr/local/cpanel/3rdparty/lib/php/Log/file.php on line 202

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/3rdparty/lib/php/Log/file.php:202) in /usr/local/cpanel/base/horde/login.php on line 96
Just delete the /tmp/horde_32001.log file and it should recreate itself with the correct ownership. Also, do make sure that /tmp is chmod 1777.

Quote:
If using php in a cPanel account the only way I can write to a file is to CHMOD as writable to everybody . I would have thought this is a security issue, enabling anyone to write to that file. Can someone please clarify? I have read somwhere that for some reason this is still secure, but I question that.
Yup, welcome to the crap php security model. Oh wait, it doesn't have one. If you want to avoid that you'd have to rebuild apache with phpsuexec enabled.
__________________
Jonathan Michaelson
cPanel Forum Moderator

Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 09:53 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
© cPanel Inc