diff options
author | Stanislav Malyshev <stas@php.net> | 2014-04-15 10:43:24 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2014-04-28 23:43:46 -0700 |
commit | 790d0057d7882befbfb1533c7c6009da0024802f (patch) | |
tree | 704b5408b496755307d3aafcbc1571ad585c2c71 | |
parent | 8ae92cd4a5e88e6290ea2852128774eca76d71dc (diff) | |
download | php-git-790d0057d7882befbfb1533c7c6009da0024802f.tar.gz |
Fix bug #67060: use default mode of 660
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | sapi/fpm/fpm/fpm_unix.c | 2 | ||||
-rw-r--r-- | sapi/fpm/php-fpm.conf.in | 4 |
3 files changed, 6 insertions, 4 deletions
@@ -1,6 +1,6 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -17 Apr 2014, PHP 5.4.28 RC1 +01 May 2014, PHP 5.4.28 - Core: . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) @@ -30,6 +30,8 @@ PHP NEWS - FPM: . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). + . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure + default configuration) (CVE-2014-0185). (Stas) - JSON: . Fixed bug #66021 (Blank line inside empty array/object when diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c index 48249e8a49..ea0e67369c 100644 --- a/sapi/fpm/fpm/fpm_unix.c +++ b/sapi/fpm/fpm/fpm_unix.c @@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ /* uninitialized */ wp->socket_uid = -1; wp->socket_gid = -1; - wp->socket_mode = 0666; + wp->socket_mode = 0660; if (!c) { return 0; diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in index 1e70f2c1c1..9205d42239 100644 --- a/sapi/fpm/php-fpm.conf.in +++ b/sapi/fpm/php-fpm.conf.in @@ -166,10 +166,10 @@ listen = 127.0.0.1:9000 ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user -; mode is set to 0666 +; mode is set to 0660 ;listen.owner = @php_fpm_user@ ;listen.group = @php_fpm_group@ -;listen.mode = 0666 +;listen.mode = 0660 ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original |