Bug 57514 - Security hole: Horde test.php files should be chmod'd to 0
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
Importance: High major
Assignee: SpanKY
Reported: 2004-07-18 13:32 UTC by Mike Nerone
Modified: 2004-07-30 06:23 UTC
Description Mike Nerone 2004-07-18 13:32:11 UTC
Most (all?) Horde applications come with test.php files intended to help the administrator determine if all needed applications are in place, etc. They can provide a wealth of information (including full output of phpinfo()) to a cracker, and are intended to be disabled for normal use. In the interest of security, ebuilds should chmod them to 0 at installation (the admin can enable them explicitly when testing).

In fact, horde-2.2.5.ebuild already does this chmod explicitly in the ebuild. Ebuilds for other horde components don't, though. I submit that this chmod should be put into the eclass in horde_src_install().
Comment 1 SpanKY gentoo-dev 2004-07-18 17:49:04 UTC
hmm, didn't realize other plugins came with test.php, thought just horde did
Comment 2 SpanKY gentoo-dev 2004-07-30 06:23:21 UTC
added to the eclass, thanks
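
The hardening requested in this bug, as an added example for checking an already-installed tree; it is not the eclass code or anything from the Horde project. The function names and the sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the Horde eclass): audit and lock down test.php files
# under an installed Horde tree. All function names here are hypothetical.
# Usage after sourcing: lock_horde_test_files /path/to/webroot

# Print every test.php under $1 that still has any permission bit set.
audit_horde_test_files() {
    find "$1" -type f -name test.php ! -perm 000 -print
}

# chmod every test.php under $1 to 0, then re-audit.
# Returns non-zero if any file is still exposed afterwards.
lock_horde_test_files() {
    find "$1" -type f -name test.php -exec chmod 0 {} +
    remaining=$(audit_horde_test_files "$1")
    [ -z "$remaining" ]
}

# Constructed sample tree standing in for a web root with several Horde
# applications; it prints the path of the temporary directory it creates.
make_sample_tree() {
    root=$(mktemp -d)
    for app in horde horde/imp horde/turba; do
        mkdir -p "$root/$app"
        echo '<?php phpinfo(); ?>' > "$root/$app/test.php"
        echo '<?php // application entry point ?>' > "$root/$app/index.php"
    done
    # The base package is already locked, as horde-2.2.5.ebuild does;
    # the other applications are not, which is the gap this bug reports.
    chmod 0 "$root/horde/test.php"
    printf '%s\n' "$root"
}
```

The audit function can be run on its own after package upgrades to confirm that no test.php has been reinstalled with readable permissions.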