From: glen at delfi dot ee
Operating system: PLD Linux
PHP version: 5.2.4
PHP Bug Type: SOAP related
Bug description: soap cache file is created with insecure permissions on some configurations

Description:
------------
soap cache file is created with insecure permissions on some configurations:

-rw-rw-rw- 1 http http 67K Oct 12 19:10 wsdl-cf39a31ae8dbd9b9899539495756434d

by default cache is enabled and cache directory is set to /tmp:
http://ee.php.net/manual/en/ref.soap.php

#ifdef ZEND_WIN32
f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
#else
f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE|
S_IROTH|S_IWOTH|S_IRGRP|S_IWGRP);
#endif

probably in shared environments somebody could replace cache file with evil content and cause soap requests to be sent to infected webserver capturing user passwords logins, depending on application.

Reproduce code:
---------------
create sample wsdl.xml from:
http://www.roguewave.com/support/docs/leif/leif/html/soapworxug/A-1.html

$ (rm -f /tmp/wsdl-*; umask 0; strace -ff -eopen php -r '$s = new SoapClient("/tmp/wsdl.xml");' 2>&1|grep wsdl; ls -l /tmp/wsdl-*)
open("/tmp/wsdl-d3d4b363f5423ee77d7e0342af8881c7", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/tmp/wsdl.xml", O_RDONLY) = 5
open("/tmp/wsdl-d3d4b363f5423ee77d7e0342af8881c7", O_WRONLY|O_CREAT|O_EXCL, 0666) = 5
-rw-rw-rw- 1 glen glen 488 2007-10-12 19:50 /tmp/wsdl-d3d4b363f5423ee77d7e0342af8881c7

--
Edit bug report at http://bugs.php.net/?id=42952&edit=1
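
Added example, not part of the original report and not PHP source: a small C program showing why the cache file mode is insecure only "on some configurations". It requests the same permission bits as the quoted non-Windows open() call and returns the mode the file actually receives under a given umask; the owner-only mode, the helper names and the scratch path /tmp/wsdl-demo-<pid> are assumptions of this example.

```c
/* Added example (not PHP source): effect of the umask on the permission
 * bits requested by the open() call quoted in the report. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Bits requested by the non-Windows branch quoted in the report (0666). */
#define REPORTED_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
/* Owner-only request: an assumption of this example, not the project's fix. */
#define OWNER_ONLY_MODE (S_IRUSR | S_IWUSR)

/* Create a file with `requested` mode under umask `mask` inside a private
 * 0700 scratch directory (constructed path) and return the permission bits
 * the file actually got, or -1 on error. */
int created_mode(mode_t requested, mode_t mask)
{
    char dir[64], path[96];
    struct stat st;
    mode_t old;
    int fd, result = -1;
    snprintf(dir, sizeof dir, "/tmp/wsdl-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/wsdl-constructed", dir);
    old = umask(mask);          /* the report's reproduction runs with umask 0 */
    fd = open(path, O_CREAT | O_WRONLY | O_EXCL, requested);
    umask(old);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

/* 1 if group or other may write, i.e. another local user could replace it. */
int group_or_other_writable(int mode) { return mode >= 0 && (mode & (S_IWGRP | S_IWOTH)); }

int main(void)
{
    printf("reported bits, umask 0:   %04o\n", (unsigned)created_mode(REPORTED_MODE, 0));
    printf("reported bits, umask 022: %04o\n", (unsigned)created_mode(REPORTED_MODE, 022));
    printf("owner-only,    umask 0:   %04o\n", (unsigned)created_mode(OWNER_ONLY_MODE, 0));
    return 0;
}
```

With the reported bits the result depends entirely on the umask of the process that creates the file; with an owner-only request the file is never group- or world-writable, whatever the umask.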