Bug 823097

Summary: PHP document root is writable by Apache
Product: OKD
Reporter: Steve Meyers <steve-redhat>
Component: Containers
Assignee: Rob Millner <rmillner>
Status: CLOSED DEFERRED
QA Contact: libra bugs <libra-bugs>
Severity: low
Priority: high
Version: 1.x
CC: jhou, mfisher, mmcgrath, mpatel, rmillner
Target Milestone: ---
Keywords: Security, Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-05-31 00:35:46 UTC
Type: Bug

Description Steve Meyers 2012-05-19 03:35:54 UTC
In the PHP environment, the php/ directory (the document root) is writable by Apache.  This is generally considered a major security problem.  I understand that many popular software packages (WordPress, among others) prefer to have a writable document root, so they can manage their own code.  It would be good to at least have that default to non-writable, and allow people to disable the more secure setting at their own risk.

Comment 1 Rob Millner 2012-05-21 18:39:43 UTC
We may not be able to change this due to how the application environment and work-flow are set up. Taking the ticket in to discuss what we can do.

Comment 2 Mike McGrath 2012-05-29 21:08:34 UTC
We have a fix planned for this that will enable / disable high security mode.  In high security mode, what you're wanting to do (Apache not writing to the php/ directory) won't be allowed.  Unfortunately I don't have an ETA for that.

Comment 3 Rob Millner 2012-05-31 00:35:46 UTC
Since this specifies a future feature we're planning that's a ways off, I'm going to close the ticket out as a deferred request.
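
The condition reported in the description can be checked for any document root. The following is an added example, not code from this ticket or from the OKD project: it lists every path under a document root that a given account could modify, then clears the write bits. The function names are hypothetical, and it assumes classic UNIX mode bits only (no POSIX ACLs or SELinux policy) and a non-root server account.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """True if the classic owner/group/other mode bits grant write to uid/gids.
    Assumption: no POSIX ACLs or SELinux policy, and uid is not root."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(root, uid, gids):
    """Return sorted paths (relative to root) that uid/gids could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory lets the server create or replace files in it,
        # so directories are checked as well as the files they hold.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if writable_by(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def harden(root):
    """Clear all write bits under root. If the server account owns the files it
    can chmod them back, so ownership should belong to a different account."""
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if not os.path.islink(path):
                os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~0o222)

if __name__ == "__main__":
    # Constructed sample tree; the current user stands in for the Apache account.
    with tempfile.TemporaryDirectory() as tmp:
        php = os.path.join(tmp, "php")
        os.mkdir(php)
        with open(os.path.join(php, "index.php"), "w") as fh:
            fh.write("<?php echo 'hi';\n")
        os.chmod(php, 0o755)
        print("before:", audit_docroot(php, os.getuid(), set(os.getgroups())))
        harden(php)
        print("after: ", audit_docroot(php, os.getuid(), set(os.getgroups())))
        os.chmod(php, 0o755)  # restore so the temporary tree can be removed
```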