Bug 823097 - PHP document root is writable by Apache
PHP document root is writable by Apache
Status: CLOSED DEFERRED
Product: OpenShift Origin
Classification: Red Hat
Component: Containers (Show other bugs)
1.x
Unspecified Unspecified
high Severity low
: ---
: ---
Assigned To: Rob Millner
libra bugs
: Security, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-18 23:35 EDT by Steve Meyers
Modified: 2013-11-17 19:39 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-30 20:35:46 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Meyers 2012-05-18 23:35:54 EDT
In the PHP environment, the php/ directory (the document root) is writable by Apache.  This is generally considered a major security problem.  I understand that many popular software packages (WordPress, among others) prefer to have a writable document root, so they can manage their own code.  It would be good to at least have that default to non-writable, and allow people to disable the more secure setting at their own risk.
Comment 1 Rob Millner 2012-05-21 14:39:43 EDT
We may not be able to change this due to how the application environment and work-flow are setup. Taking the ticket in to discuss what we can do.
Comment 2 Mike McGrath 2012-05-29 17:08:34 EDT
We have a fix planned for this that will enable / disable high security mode.  In high security mode, what you're wanting to do (apache not writing to the php/ directroy) won't be allowed.  Unfortunately I don't have an ETA for that.
Comment 3 Rob Millner 2012-05-30 20:35:46 EDT
Since this specifies a future feature we're planning that's a ways off, I'm going to close the ticket out as a deferred request.

Note You need to log in before you can comment on or make changes to this bug.