On 12/30/10 10:38 AM, Benjamin Eberlei wrote:
> If you do a grep for '0777' on the current code you'll find tons of extensions
> that grant world-writeable access to cache or other directories.

Not in the core.
We use 0777 as the second argument to mkdir, but that's just to say we
want to use the current umask, which is not 0777 by default (but can be
changed the way you want in your code).
Fabien

> Can we rather have a method that makes it 0755 or 0775 depending if the
> developer uses the same server-user for web and console execution or two
> different users, you could even make the usernames configurable in the
> config.yml, defaulting to www-data.www-data
> Yeah 0777 is simple, but it just means taking away the responsibility for
> security from the user and doing it wrong.
> greetings,
> Benjamin
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
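
The umask behaviour discussed in the thread, as an added example that is not part of the original messages or of Symfony's code: it requests 0777 from mkdir under three umasks and reports the mode the directory actually receives. It assumes a POSIX system, PHP 7 or later, and a temp directory without default ACLs; the helper names `effectiveMkdirMode` and `isWorldWritable` and the directory name are hypothetical.

```php
<?php
// Added illustration, not Symfony code. The directory name is a constructed sample.

/**
 * Create a directory requesting $requested under the given umask and
 * return the permission bits the OS actually applied.
 */
function effectiveMkdirMode(int $requested, int $umask): int
{
    $path = sys_get_temp_dir() . '/umask-demo-' . bin2hex(random_bytes(6));
    $previous = umask($umask);          // set the process umask, remember the old one
    try {
        if (!mkdir($path, $requested)) {
            throw new RuntimeException("mkdir failed for $path");
        }
        clearstatcache(true, $path);
        return fileperms($path) & 0777; // keep only the rwx permission bits
    } finally {
        umask($previous);               // always restore the caller's umask
        if (is_dir($path)) {
            rmdir($path);               // clean up the sample directory
        }
    }
}

/** True when "other" users have write permission (the 0002 bit). */
function isWorldWritable(int $mode): bool
{
    return ($mode & 0002) !== 0;
}

// 0022 and 0002 are the umasks that turn a 0777 request into 0755 and 0775;
// 0000 is the case where the request really does produce a world-writable directory.
foreach ([0022, 0002, 0000] as $umask) {
    $mode = effectiveMkdirMode(0777, $umask);
    printf(
        "umask %04o -> mkdir(..., 0777) yields %04o%s\n",
        $umask,
        $mode,
        isWorldWritable($mode) ? '  (world-writable)' : ''
    );
}
```

The same `isWorldWritable` check can be applied to `fileperms()` of existing cache or log directories to find ones that were created under a permissive umask or later opened up with chmod.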