Security risk with suphp? -> ISPConfig?

Hello people,

First, I want to thank the developers and the entire community for this excellent control panel and for all their work.

(The problem.) I successfully installed ISPConfig 2.2.24 + RAID1 + suPHP 0.6.3 on Debian Etch following the perfect setup, and I want to say that everything is working perfectly.

My problem is this: if I run the phpfilemanager script (http://phpfm.sourceforge.net/) on my site, for example at http://www.mysite.com/phpfilemanager.php, the script immediately changes the CHMOD of the folder webx/web from 755 to 777. suPHP then immediately starts to show errors because the folder is writable by other users, and the page goes to a 500 error. This happens without any action inside the script, just by typing the address in the browser and loading the script.

I don't have the error described in the following post with suPHP 0.6.3: http://www.howtoforge.com/forums/showthread.php?p=130220#post130220

I think that this is a serious security risk. Does anyone know how to solve this problem?

Thanks for your time and work.

CUBA. Sorry for my English.

This has nothing to do with ISPConfig or suPHP. In the Configuration section of the index.php file that comes with PHP File Manager, you will see a line like:

@chmod($dir_atual,0777);

That is the reason PHP File Manager changed everything to chmod 777, which is insecure! To solve your problem, you should change the line

@chmod($dir_atual,0777);

into

@chmod($dir_atual,0755);
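
An admin can also check a web root for both conditions from this thread: directories writable by others, and PHP scripts that call chmod() with a world-writable mode. This is an added example, not part of the original posts and not ISPConfig or suPHP tooling; the function names and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for the two conditions discussed in this thread.
# Function names and the sample tree are assumptions, not ISPConfig or suPHP tooling.

# Directories under $1 that are writable by "others" (the state suPHP rejected).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# PHP files under $1 with a chmod() call whose octal mode grants write to others
# (last digit 2, 3, 6 or 7), such as @chmod($dir_atual,0777);
php_chmod_world_writable() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        'chmod[[:space:]]*\([^)]*,[[:space:]]*0[0-7]{2}[2367][[:space:]]*\)' {} +
}

# Reset every flagged directory to 755 and print each path that was changed.
reset_dirs_to_755() {
    world_writable_dirs "$1" | while IFS= read -r d; do
        chmod 755 "$d" && printf '%s\n' "$d"
    done
}

# Constructed sample tree standing in for webX/web (not real site data).
make_sample_webroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/web/uploads"
    printf '%s\n' '<?php @chmod($dir_atual,0777); ?>' > "$root/web/phpfilemanager.php"
    printf '%s\n' '<?php @chmod($dir_atual,0755); ?>' > "$root/web/fixed.php"
    chmod 777 "$root/web"
    chmod 755 "$root/web/uploads"
    printf '%s\n' "$root"
}

# No argument: report on the constructed sample. Otherwise audit the given path.
if [ $# -eq 0 ]; then target=$(make_sample_webroot); else target=$1; fi
echo "Directories writable by others:"
world_writable_dirs "$target"
echo "PHP files calling chmod() with a world-writable mode:"
php_chmod_world_writable "$target"
if [ $# -eq 0 ]; then rm -rf "$target"; fi
```

Run it with a web root path as the only argument to audit that tree; reset_dirs_to_755 is defined but is never called automatically.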