Removed other group permissions o= from pam.d/smtp file in installer_base.lib.php file.

tekati · tekati · commit be3234e0b28a · 2010-07-12T03:16:07.000Z
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -637,6 +637,8 @@ public function configure_pam() {
 		//* configure pam for SMTP authentication agains the ispconfig database
 		$configfile = 'pamd_smtp';
 		if(is_file("$pam/smtp"))    copy("$pam/smtp", "$pam/smtp~");
+		// On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
+		if(is_file("$pam/smtp"))    exec("chmod o= $pam/smtp");
 		if(is_file("$pam/smtp~"))   exec("chmod 400 $pam/smtp~");
 
 		$content = rf("tpl/$configfile.master");
@@ -1638,4 +1640,4 @@ protected function insert_db_credentials($tContents) {
 	}
 }
 
-?>
+?>

Original file line number	Diff line number	Diff line change
`@@ -637,6 +637,8 @@ public function configure_pam() {`
`637`	`637`	`//* configure pam for SMTP authentication agains the ispconfig database`
`638`	`638`	`$configfile = 'pamd_smtp';`
`639`	`639`	`if(is_file("$pam/smtp")) copy("$pam/smtp", "$pam/smtp~");`
	`640`	`+ // On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.`
	`641`	`+ if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");`
`640`	`642`	`if(is_file("$pam/smtp~")) exec("chmod 400 $pam/smtp~");`
`641`	`643`
`642`	`644`	`$content = rf("tpl/$configfile.master");`
`@@ -1638,4 +1640,4 @@ protected function insert_db_credentials($tContents) {`
`1638`	`1640`	`}`
`1639`	`1641`	`}`
`1640`	`1642`
`1641`		`-?>`
	`1643`	`+?>`