Blesta Core / CORE-4018

System Status: File permission check will fail on parent directory .. if it is not owned by the same user

    Details

      Description

      The system status widget in controllers/admin_main.php line 216 calls PHP function scandir(), which returns as part of the list the current working directory ".", and the parent directory, "..". The parent directory ".." may not be owned by the same user, and it doesn't need to be. The parent directory should be ignored. Do not evaluate ownership of "..".

      For example:

      # ls -la /home/user/logs_blesta/
      drwxrwxrwx 2 www-data www-data 4096 Nov 11 18:50 .
      drwxr-xr-x 6 root root 4096 Nov 11 18:39 ..
      -rw-rw-r-- 1 www-data www-data 10197 Nov 11 19:20 general-alert-2020-11-11.log
      -rw-r--r-- 1 www-data www-data 251 Sep 29 23:58 general-error-2020-09-29.log
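
      One way to write an ownership check that never evaluates "..", as an added PHP example that is not Blesta's code. The function name, the choice to compare each entry against the directory's own owner, and the temporary demo directory are assumptions.

```php
<?php
// Added example, not Blesta's code. findOwnershipMismatches() is a
// hypothetical name; comparing against the directory's own owner is an assumption.

/**
 * Return [entry => uid] for entries in $dir not owned by the owner of $dir.
 * A null uid means the entry could not be stat'ed.
 */
function findOwnershipMismatches(string $dir): array
{
    $entries = @scandir($dir);
    if ($entries === false) {
        throw new RuntimeException("Cannot read directory: $dir");
    }

    $expected = fileowner($dir);
    $mismatches = [];

    foreach ($entries as $entry) {
        // scandir() always lists "." and "..". "." is $dir itself; ".." is
        // the parent, outside the checked tree and often owned by root.
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $path = $dir . DIRECTORY_SEPARATOR . $entry;

        // lstat() judges a symlink by its own owner, not its target's.
        $stat = @lstat($path);
        if ($stat === false) {
            $mismatches[$entry] = null; // vanished or unreadable
            continue;
        }
        if ($stat['uid'] !== $expected) {
            $mismatches[$entry] = $stat['uid'];
        }
    }

    return $mismatches;
}

// Constructed demo directory standing in for a log directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logs_demo_' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'general-error.log', "constructed sample\n");

var_dump(in_array('..', scandir($dir), true)); // raw listing includes ".."
var_dump(findOwnershipMismatches($dir));       // ".." is never evaluated

unlink($dir . DIRECTORY_SEPARATOR . 'general-error.log');
rmdir($dir);
```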

        Activity

        admin Paul Phillips created issue -
        admin Paul Phillips made changes -
        Description
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Sprint 5.0.0 Sprint 4 [ 121 ]
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked lower
        jonathan Jonathan Reissmueller made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            jonathan Jonathan Reissmueller
            Reporter:
            admin Paul Phillips

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              19/Nov/20
