tbrehm
2012-07-23 393ca8c757481e73cc2af00d69cd6266de311bd6
Fixed: FS#2325 - httpd log directory permissions allow symlink attacks.
1 files modified
3 ■■■■ changed files
server/plugins-available/apache2_plugin.inc.php 3 ●●●● patch | view | raw | blame | history
server/plugins-available/apache2_plugin.inc.php
@@ -656,7 +656,8 @@
                //* Chown all default directories
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
                // $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
                $this->_exec('chown root:'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/ssl'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
                $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));