Author: viktor
Description:
Description of problem:
[viktor@alex wiki]$ cd /var/www/wiki/
[viktor@alex wiki]$ ls -l LocalSettings.php
-rw-rw-rw-. 1 apache apache 4343 Mar 4 03:38 LocalSettings.php
LocalSettings.php is readable and writeable by all local users. Since this file may contain database credentials, it shouldn't be globally-writeable.
I'm not sure whether the wikimedia-installation script generates this file, so it may not be fixable in the rpm-package (I'm using the rpm provided by FedoraCore16), but in the mediawiki-source.
As far as I understood, the error is in installer/LocalSettingsGenerator.php [1]:
    /**
     * Write the generated LocalSettings to a file
     *
     * @param $fileName String Full path to filename to write to
     */
    public function writeFile( $fileName ) {
        file_put_contents( $fileName, $this->getText() );
    }
The file_put_contents-call seems to use the default umask.
[1] which I took from:
svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/installer/LocalSettingsGenerator.php
Since I'm not a PHP-programmer, I hope someone with more knowledge can confirm my observation (maybe with a fresh install from svn).
regards
Viktor
Version-Release number of selected component (if applicable):
1.16.5-59.fc16
Version: 1.20.x
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=24133
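
The behaviour described in the report, as an added example that is not part of the original report and is not MediaWiki code: it writes one file the way the quoted writeFile() does and one with a hardened variant, then prints both modes. The function names, the temp paths and the sample contents are assumptions made for the demo, and the 0600 mode assumes the file owner is the account the web server runs as.

```php
<?php
// Added example, not MediaWiki code. Function names are hypothetical.

// Same call as the quoted writeFile(): a new file gets 0666 masked by the umask.
function writeFileDefault(string $fileName, string $text): void {
    file_put_contents($fileName, $text);
}

// Hardened variant: the file is 0600 from creation, then renamed into place.
function writeFilePrivate(string $fileName, string $text): void {
    $tmp = $fileName . '.' . bin2hex(random_bytes(8)) . '.tmp';
    $old = umask(0077);              // no group/other bits on new files
    try {
        $fh = fopen($tmp, 'xb');     // 'x' refuses to reuse an existing path
    } finally {
        umask($old);                 // umask is process-wide, restore it at once
    }
    if ($fh === false) {
        throw new RuntimeException("cannot create $tmp");
    }
    $written = fwrite($fh, $text);
    fclose($fh);
    if ($written !== strlen($text) || !rename($tmp, $fileName)) {
        unlink($tmp);
        throw new RuntimeException("cannot write $fileName");
    }
}

function modeOf(string $path): string {
    clearstatcache(true, $path);
    return sprintf('%04o', fileperms($path) & 07777);
}

// Constructed demo in a private temp directory, run with a permissive umask of 0.
$dir = sys_get_temp_dir() . '/localsettings-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$sample = "<?php\n\$wgDBpassword = 'constructed-sample';\n";

$saved = umask(0);
writeFileDefault("$dir/default.php", $sample);
writeFilePrivate("$dir/private.php", $sample);
umask($saved);

echo 'default: ', modeOf("$dir/default.php"), "\n";
echo 'private: ', modeOf("$dir/private.php"), "\n";

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

file_put_contents() keeps the mode of a file that already exists, so an installation that already has a world-writable LocalSettings.php still needs its permissions tightened by hand.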