versioncheck says 755 is an unnecessary risk?
 


Started by Eric Chadwick, January 26, 2008, 06:35:44 PM


Eric Chadwick

After upgrading from 1.4.12 to 1.4.14, I ran update.php and it finished without errors.

Then I ran versioncheck.php and everything was good except some folders have this warning:

Folder writable
The folder "bridge" is writable. This is an unnecessary risk, coppermine only needs read/execute access.


The offending folders are set 755, so does this mean Owner Write permission is considered a risk? If I changed them to 555 (read/execute only), wouldn't that also prevent the admin (me) from editing these folders?

Nibbler

You don't need to edit them normally. If you do, you can just change the permissions temporarily.

Eric Chadwick

Thanks Nibbler.

Hmm, it seems my host is forcing them back to 755. I'll check this out with them, but I'm curious how much of a risk these folders might be?


Joachim Müller

Don't worry: the risk is small. If your webhost has done his homework and set up the server properly, shielding the presences on the server against each other, then there is no security risk at all.
Read up: Why chmod 777 is NOT a security risk
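
Added example, not part of the thread and not Coppermine code: a small shell helper that shows which permission classes hold the write bit on each folder (755 is owner only, 555 is none) and wraps the temporary-write approach Nibbler describes. The function names `writers_of`, `audit_dirs` and `with_owner_write` are hypothetical, and the check reads mode bits only, not which account the web server runs as.

```shell
#!/bin/sh
# Added example (not Coppermine code): inspect directory write bits.

# writers_of DIR: print which classes hold the write bit on DIR itself,
# as a subset of "owner group other", or "none". Looks only at mode bits.
writers_of() {
    w_dir=$1
    w_out=""
    # -prune stops find from descending; -perm -MODE needs all MODE bits set.
    [ -n "$(find "$w_dir" -prune -perm -0200)" ] && w_out="owner"
    [ -n "$(find "$w_dir" -prune -perm -0020)" ] && w_out="${w_out:+$w_out }group"
    [ -n "$(find "$w_dir" -prune -perm -0002)" ] && w_out="${w_out:+$w_out }other"
    echo "${w_out:-none}"
}

# audit_dirs ROOT: one line per directory under ROOT, "<writers><TAB><path>".
audit_dirs() {
    find "$1" -type d | sort | while IFS= read -r a_dir; do
        printf '%s\t%s\n' "$(writers_of "$a_dir")" "$a_dir"
    done
}

# with_owner_write DIR CMD...: add owner write, run CMD, remove it again,
# i.e. the "change the permissions temporarily" approach from the thread.
with_owner_write() {
    t_dir=$1
    shift
    chmod u+w "$t_dir" || return 1
    t_rc=0
    "$@" || t_rc=$?
    chmod u-w "$t_dir"
    return "$t_rc"
}

# Usage: sh audit.sh /path/to/gallery   (path is a placeholder)
if [ $# -gt 0 ]; then
    audit_dirs "$1"
fi
```

If the host resets folders to 755, as described in the thread, `audit_dirs` will report them as `owner` again on the next run.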