Some temporary files are stored in /var/tmp/{simplepie-ttrss-cache,magpie-ttrss-cache} by defaults.
I would recommend giving strict permissions to those directories and give no right to the "others" group.
Thus, you'll need to make the following changes to TTR:
Replace:
./www/functions.php:637: mkdir(SIMPLEPIE_CACHE_DIR);
By:
mkdir(SIMPLEPIE_CACHE_DIR, 0750);
Replace:
./www/lib/magpierss/rss_cache.inc:34: $status = @mkdir( $this->BASE_CACHE, 0755 );
By:
$status = @mkdir( $this->BASE_CACHE, 0750 );
Another solution would be to keep temporary files under the TTR folder, locked by an HTACCESS file (deny from all). But that's the first solution described earlier seems better.
Strict permissions on /var/tmp/* folders created
-
fox
- ^ me reading your posts ^
- Posts: 6318
- Joined: 27 Aug 2005, 22:53
- Location: Saint-Petersburg, Russia
- Contact:
Re: Strict permissions on /var/tmp/* folders created
Another solution would be to keep temporary files under the TTR folder, locked by an HTACCESS file (deny from all).
Fixed in trunk in this fashion.
Who is online
Users browsing this forum: No registered users and 5 guests