Strict permissions on /var/tmp/* folders created

Development-related discussion, including bundled plugins
Megra
Bear Rating Trainee
Bear Rating Trainee
Posts: 4
Joined: 06 Aug 2010, 17:36

Strict permissions on /var/tmp/* folders created

Postby Megra » 06 Aug 2010, 17:45

Some temporary files are stored in /var/tmp/{simplepie-ttrss-cache,magpie-ttrss-cache} by defaults.

I would recommend giving strict permissions to those directories and give no right to the "others" group.
Thus, you'll need to make the following changes to TTR:

Replace:
./www/functions.php:637: mkdir(SIMPLEPIE_CACHE_DIR);
By:
mkdir(SIMPLEPIE_CACHE_DIR, 0750);

Replace:
./www/lib/magpierss/rss_cache.inc:34: $status = @mkdir( $this->BASE_CACHE, 0755 );
By:
$status = @mkdir( $this->BASE_CACHE, 0750 );


Another solution would be to keep temporary files under the TTR folder, locked by an HTACCESS file (deny from all). But that's the first solution described earlier seems better.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Strict permissions on /var/tmp/* folders created

Postby fox » 04 Nov 2010, 17:32

Another solution would be to keep temporary files under the TTR folder, locked by an HTACCESS file (deny from all).


Fixed in trunk in this fashion.


Return to “Development”

Who is online

Users browsing this forum: No registered users and 1 guest