Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix bug #67060: use default mode of 660
  • Loading branch information
smalyshev committed Apr 29, 2014
1 parent 2d625b5 commit 35ceea9
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
4 changes: 3 additions & 1 deletion NEWS
Expand Up @@ -25,7 +25,7 @@ PHP NEWS
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)

?? ??? 2014, PHP 5.4.28
01 May 2014, PHP 5.4.28

- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
Expand Down Expand Up @@ -55,6 +55,8 @@ PHP NEWS

- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
default configuration) (CVE-2014-0185). (Stas)

- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
Expand Down
2 changes: 1 addition & 1 deletion sapi/fpm/fpm/fpm_unix.c
Expand Up @@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */
/* uninitialized */
wp->socket_uid = -1;
wp->socket_gid = -1;
wp->socket_mode = 0666;
wp->socket_mode = 0660;

if (!c) {
return 0;
Expand Down
4 changes: 2 additions & 2 deletions sapi/fpm/php-fpm.conf.in
Expand Up @@ -166,10 +166,10 @@ listen = 127.0.0.1:9000
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
; mode is set to 0660
;listen.owner = @php_fpm_user@
;listen.group = @php_fpm_group@
;listen.mode = 0666
;listen.mode = 0660

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
Expand Down

0 comments on commit 35ceea9

Please sign in to comment.