OK. But I am not changing the permissions. How am I setting the x bit? I am not doing anything in my code except executing a copy() or move_uploaded_file(). Is my server not configured correctly? If so, how do I change the default permissions?
By the way, move_uploaded_file() sets completely different permissions [-rw-------] than copy() [rwxr-xr-x]. I still say . . . "strange".

David

-----Original Message-----
From: Demitrious S. Kelly [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 11:24 PM
To: 'Rasmus Lerdorf'
Cc: 'David McInnis'; [EMAIL PROTECTED]
Subject: RE: [PHP] Does this seem odd? File Upload Permissions

Either severely mis-configure, or make a mistake (damn us humans and our mistakes :)

-----Original Message-----
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 11:15 PM
To: Demitrious S. Kelly
Cc: 'David McInnis'; [EMAIL PROTECTED]
Subject: RE: [PHP] Does this seem odd? File Upload Permissions

But it would mean that you would have to severely misconfigure your server and write severely braindead code. Simply putting a file in your document_root that has the x bit set will under normal circumstances not do anything.

On Tue, 26 Mar 2002, Demitrious S. Kelly wrote:

> That's not entirely true... if php is running as cgi it would need the
> execution bit set. Or if someone wanted to write a shell script in php
> to be used to help compromise a server it would need to be executable as
> well...
>
> -----Original Message-----
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 26, 2002 11:08 PM
> To: David McInnis
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Does this seem odd? File Upload Permissions
>
> First, the execute bit means nothing over HTTP. So they couldn't just
> execute it remotely. They would need an account on the box.
>
> And second, PHP does not set the x bit, you are doing that. Check your
> default umask or set it explicitly with a call to umask() before copying
> the file into place.
>
> On Tue, 26 Mar 2002, David McInnis wrote:
>
> > Why does PHP set the execute bit on an uploaded file? This means a user
> > could upload a script and it would be executable. Ouch! Especially if
> > the file is available via httpd after upload. . . HELP.
> >
> > I am saving to a directory with permissions of 766
> >
> > And when php copies the file it assigns the following permissions.
> >
> > rwxr-xr-x
> >
> > I am using the copy command to move the file from the tmp directory.
> >
> > David McInnis
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
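
The umask() advice quoted above, written out as an added example that is not part of the original thread: the file is created under a restrictive umask, given an explicit mode with chmod(), and rejected if any execute bit survives. The function name `place_file` and the demo paths are hypothetical, and POSIX permissions are assumed.

```php
<?php
// Added example, not code from the thread. POSIX permissions assumed.

/**
 * Put a file into place with explicit permissions rather than whatever
 * the inherited umask happens to produce. Returns the final mode bits.
 */
function place_file(string $src, string $dest, int $mode = 0644): int
{
    // Create the file owner-only first so it is never briefly wider than
    // intended. umask() is process-wide; the PHP manual advises against it
    // on multithreaded web servers, where the chmod() below is what counts.
    $old = umask(0077);
    try {
        // A real handler passes $_FILES[...]['tmp_name'], which takes the
        // move_uploaded_file() branch; copy() lets the demo run from the CLI.
        $ok = is_uploaded_file($src)
            ? move_uploaded_file($src, $dest)
            : copy($src, $dest);
        if (!$ok) {
            throw new RuntimeException("could not write $dest");
        }
        // chmod() sets the mode exactly; it is not filtered by the umask.
        if (!chmod($dest, $mode)) {
            throw new RuntimeException("chmod failed on $dest");
        }
    } finally {
        umask($old);
    }

    clearstatcache(true, $dest);
    $perms = fileperms($dest) & 0777;
    if ($perms & 0111) {
        throw new RuntimeException(sprintf('%s is executable (%04o)', $dest, $perms));
    }
    return $perms;
}

// Demo with a constructed source file that carries rwxr-xr-x.
$dir = sys_get_temp_dir() . '/upload-perms-' . getmypid();
mkdir($dir, 0700);
$src = "$dir/incoming.txt";
file_put_contents($src, "constructed sample\n");
chmod($src, 0755);
printf("source %04o -> stored %04o\n",
    fileperms($src) & 0777,
    place_file($src, "$dir/stored.txt"));
```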