[wp-trac] [WordPress Trac] #13659: Incorrect permissions created by wp_mkdir_p() when safe mode is used
WordPress Trac
wp-trac at lists.automattic.com
Mon May 31 16:38:00 UTC 2010
#13659: Incorrect permissions created by wp_mkdir_p() when safe mode is used
--------------------------+-------------------------------------------------
Reporter: cgrenier | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
When safe mode and sgid directories are used, the function wp_mkdir_p()
frim wp-includes/functions.php will failed to create to create a directory
with correct permissions.
How to test the problem on wp_mkdir_p() function:
- Create a directory, set the permission to 02777
- Put the file named poc.php in this directory
- safe_mode is on, safe_mode_gid is on
- php (apache) is run by a user other than the file owner
- call the poc.php script via an url
Result:
Sub-directory /1/2/3/4/ hasn't been created due to safe mode restriction.
Explanation:
Any file or directory created in a sgid directory inherits the group
owner. When safe mode is used, chmod() cannot set the SUID, SGID and
sticky bits and the chmod() calls will remove the expected permission.
Patchs:
There is a least two possibilities:
* Don't call chmod at all (Need to check if non Unix system, Windows, is
affected).
* Don't call chmod if safe_mode is enable and sgid permission is present
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13659>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list