Versioncheck warns writable, but FTP can't change permissions? Versioncheck warns writable, but FTP can't change permissions?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Versioncheck warns writable, but FTP can't change permissions?

Started by Eric Chadwick, November 09, 2007, 08:41:51 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Eric Chadwick

November 09, 2007, 08:41:51 PM Last Edit: November 10, 2007, 03:49:46 AM by TranzNDance
Hello.

I upgraded to 1.4.14, and ran Versioncheck.php, and it reports several folders as writable. For example:
=============
Folder writable
The folder "bridge" is writable. This is an unnecessary risk, coppermine only needs read/execute access.
=============

My FTP client, Filezilla 2.2.19a, shows the "bridge" folder permissions as:

drwxr-xr-x

In other words:
Owner permissions: Read/Write/Execute
Group permissions: Read/Execute
Public permissions: Read/Execute

Is Versioncheck showing this as a risk because it has been run by me the owner, and thus it sees the folder as writable?

Since I am the only admin, but Group/Public don't have write access, is there still a risk?

FWIW, my site is hosted, I'm not a server admin.

Thanks for any help.
Print
Go Up Pages1
User actions