diff options
author | Julien Pauli <jpauli@php.net> | 2014-04-29 10:00:47 +0200 |
---|---|---|
committer | Julien Pauli <jpauli@php.net> | 2014-04-29 10:00:47 +0200 |
commit | 61b002b91baa78af0b7f438c8c35a51951c650a5 (patch) | |
tree | 98d33778d8a3d011c5706481d9488cdab1d2d475 | |
parent | 4344eea42133e6a27cb65127c90d23ed8211da8b (diff) | |
download | php-git-61b002b91baa78af0b7f438c8c35a51951c650a5.tar.gz |
Fix for CVE-2014-0185
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | sapi/fpm/fpm/fpm_unix.c | 2 | ||||
-rw-r--r-- | sapi/fpm/php-fpm.conf.in | 4 |
3 files changed, 4 insertions, 3 deletions
@@ -28,6 +28,7 @@ PHP NEWS - FPM: . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). + . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info) - JSON: . Fixed bug #66021 (Blank line inside empty array/object when diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c index 48249e8a49..ea0e67369c 100644 --- a/sapi/fpm/fpm/fpm_unix.c +++ b/sapi/fpm/fpm/fpm_unix.c @@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ /* uninitialized */ wp->socket_uid = -1; wp->socket_gid = -1; - wp->socket_mode = 0666; + wp->socket_mode = 0660; if (!c) { return 0; diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in index acdff31f17..c5f4abc59c 100644 --- a/sapi/fpm/php-fpm.conf.in +++ b/sapi/fpm/php-fpm.conf.in @@ -166,10 +166,10 @@ listen = 127.0.0.1:9000 ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user -; mode is set to 0666 +; mode is set to 0660 ;listen.owner = @php_fpm_user@ ;listen.group = @php_fpm_group@ -;listen.mode = 0666 +;listen.mode = 0660 ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original |