Mantis Bugtracker
  

Viewing Issue Simple Details

ID: 0002620
Category: [Quercus]
Severity: minor
Reproducibility: always
Date Submitted: 04-22-08 16:15
Last Update: 05-12-08 16:30
Reporter: nam
View Status: public
Assigned To: ferg
Priority: high
Resolution: fixed
Status: closed
Product Version: 3.1.5
Summary: 0002620: phpmyadmin complains that configuration file is world writable
Description: (rep by B. Youngblood)

MacOS X

[2008/04/22 17:36:20.721] com.caucho.quercus.QuercusDieException: Wrong permissions on configuration file, should not be world writable!
[2008/04/22 17:36:20.721] at com.caucho.quercus.env.Env.die(Env.java:3866)
[2008/04/22 17:36:20.721] at _quercus._libraries._Config__class__php$quercus_PMA_Config$fun_checkConfigSource.callMethod(_Config__class__php.java:1770)
[2008/04/22 17:36:20.721] at com.caucho.quercus.env.ObjectExtValue.callMethod(ObjectExtValue.java:623)
[2008/04/22 17:36:20.721] at _quercus._libraries._Config__class__php$quercus_PMA_Config$fun_load.callMethod(_Config__class__php.java:1561)
[2008/04/22 17:36:20.721] at com.caucho.quercus.env.ObjectExtValue.callMethod(ObjectExtValue.java:645)
[2008/04/22 17:36:20.721] at _quercus._libraries._Config__class__php$quercus_PMA_Config$fun___construct.callMethod(_Config__class__php.java:1077)
[2008/04/22 17:36:20.721] at com.caucho.quercus.program.CompiledMethod_1.callMethod(CompiledMethod_1.java:89)
[2008/04/22 17:36:20.721] at com.caucho.quercus.env.QuercusClass.callNew(QuercusClass.java:656)
[2008/04/22 17:36:20.721] at _quercus._libraries._common__inc__php.execute(_common__inc__php.java:366)
[2008/04/22 17:36:20.721] at com.caucho.quercus.env.Env.include(Env.java:3612)
[2008/04/22 17:36:20.721] at com.caucho.quercus.env.Env.includeOnce(Env.java:3562)
[2008/04/22 17:36:20.721] at _quercus._index__php.execute(_index__php.java:45)
[2008/04/22 17:36:20.721] at com.caucho.quercus.page.QuercusPage.executeTop(QuercusPage.java:119)
[2008/04/22 17:36:20.721] at com.caucho.quercus.servlet.ResinQuercusServlet.service(ResinQuercusServlet.java:146)
[2008/04/22 17:36:20.721] at com.caucho.quercus.servlet.QuercusServlet.service(QuercusServlet.java:353)
[2008/04/22 17:36:20.721] at javax.servlet.http.HttpServlet.service(HttpServlet.java:91)
[2008/04/22 17:36:20.721] at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:103)
[2008/04/22 17:36:20.721] at com.caucho.server.cache.CacheFilterChain.doFilter(CacheFilterChain.java:187)
[2008/04/22 17:36:20.721] at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:181)
[2008/04/22 17:36:20.721] at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:266)
[2008/04/22 17:36:20.721] at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:269)
[2008/04/22 17:36:20.721] at com.caucho.server.port.TcpConnection.run(TcpConnection.java:603)
[2008/04/22 17:36:20.721] at com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:721)
[2008/04/22 17:36:20.721] at com.caucho.util.ThreadPool$Item.run(ThreadPool.java:643)
[2008/04/22 17:36:20.721] at java.lang.Thread.run(Thread.java:613)
- Notes
(0003016)
davidkonsumer
04-26-08 16:37
edited on: 04-26-08 16:43

This is a problem with the way Quercus interprets permissions. I think it is very serious (not just for phpmyadmin...)

Here is an example:

chmod 000 config.inc.php
ls -al config.inc.php
---------- 1 root root 1812 2008-04-26 16:16 config.inc.php

Now I go into phpmyadmin's Config.class.php file, around line 480, and add this:
printf("permission check: %s - %d", $this->getSource(), $perms );


This outputs:

permission check: ./config.inc.php - 438
Wrong permissions on configuration file, should not be world writable!

The 438 should be 000.

If your PHP implementation does not support file permissions, it should at least return FALSE (like Windows) so that checks for support are accurate (in the case of phpMyAdmin, it would have let the error pass if it was FALSE).
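
Added example, not part of the note above and not phpMyAdmin or Quercus code: it decodes the 438 from the note (decimal for octal 0666) and runs it, a real chmod 000 file, and a FALSE result through a world-writable test. The function names and the `& 0002` test are assumptions that model the check the note describes.

```php
<?php
// Added illustration; function names are hypothetical, not phpMyAdmin or Quercus code.

/** Render the permission bits of a fileperms() result as 4-digit octal. */
function perms_to_octal($perms)
{
    // fileperms() also carries file-type bits; keep only the mode bits.
    return sprintf('%04o', $perms & 07777);
}

/**
 * World-writable test modelled on the behaviour the note describes:
 * a FALSE result (permissions unsupported) skips the check instead of
 * failing it, while a set "other write" bit rejects the file.
 */
function config_perms_verdict($perms)
{
    if ($perms === false) {
        return 'unsupported: check skipped';
    }
    if ($perms & 0002) {
        return 'rejected: world writable (' . perms_to_octal($perms) . ')';
    }
    return 'accepted (' . perms_to_octal($perms) . ')';
}

// The value printed in the note: decimal 438 is octal 0666 (rw-rw-rw-),
// so the world-write bit is set regardless of the real mode on disk.
echo config_perms_verdict(438), "\n";

// What a POSIX-aware fileperms() reports for a chmod 000 file
// (constructed temporary file, removed afterwards).
$file = tempnam(sys_get_temp_dir(), 'cfg');
chmod($file, 0000);
clearstatcache();
echo config_perms_verdict(fileperms($file)), "\n";
unlink($file);

// A runtime that cannot report permissions at all.
echo config_perms_verdict(false), "\n";
```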

 
(0003053)
ferg
05-12-08 16:30

php/164h
 

- Issue History
Date Modified Username Field Change
04-22-08 16:15 nam New Issue
04-22-08 16:16 nam Priority normal => high
04-26-08 16:37 davidkonsumer Note Added: 0003016
04-26-08 16:40 davidkonsumer Note Edited: 0003016
04-26-08 16:41 davidkonsumer Note Edited: 0003016
04-26-08 16:43 davidkonsumer Note Edited: 0003016
04-28-08 14:35 davidkonsumer Issue Monitored: davidkonsumer
05-12-08 16:30 ferg Note Added: 0003053
05-12-08 16:30 ferg Assigned To  => ferg
05-12-08 16:30 ferg Status new => closed
05-12-08 16:30 ferg Resolution open => fixed
05-12-08 16:30 ferg Fixed in Version  => 3.2.0

