Pivot at sdf

So after an evening of not too painful bash scripting, pivot is now[1] available as an auto-install tool on SDF.

See http://motd.org/ for more details about SDF’s web tools collection.

[1] Once I’ve squashed whatever bug is causing the dubious file permissions.


one comment

The permissions bug is fixed – it was due to a line in pvlib.php which was setting the umask to 0111 without consulting the configuration. I’ve changed it to 0133, which is safer.

This seems like an awful security hole which exists in every unmodified install of pivot out there (well, versions 1.40.6 and 1.40.7 at least), as anyone with an account on your server can write to any of your posts!

Either that or I’ve missed the point and it’s meant to be like that, and is actually perfectly safe for reasons I’m not seeing.

-Id
 

Update:

In response to my query, the pivot developers have released a patch to fix this bug. It’s quite worrying that there are thousands of blogs out there with php files that can be written to by anyone who shares the server they’re hosted on!

It was probably a one-off fubar, but I’ll be making daily backups of my freeshell account just in case!
Idris (URL) - 01 04 09 - 20:53
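
The effect of the two umask values mentioned in the comment above, with a check for files that any local account can write to, as an added example that is not part of the original post or of Pivot's code. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create an empty file under the given umask and print the mode it gets.
# The shell requests 0666 for new files; the umask clears bits from that.
mode_under_umask() {
    scratch=$(mktemp -d) || return 1
    ( umask "$1"; : > "$scratch/entry.php" )
    file_mode "$scratch/entry.php"
    rm -rf "$scratch"
}

# List regular files under DIR whose "other" write bit (0002) is set,
# i.e. files every local account on a shared host can modify.
list_other_writable() {
    find "$1" -type f -perm -0002 -print
}

# Drop group and other write access from those files (0666 becomes 0644).
tighten() {
    find "$1" -type f -perm -0002 -exec chmod go-w {} +
}

# Demo on a constructed tree standing in for a blog's data directory.
demo() {
    tree=$(mktemp -d) || return 1
    ( umask 0111; : > "$tree/old-entry.php" )   # written before the fix
    ( umask 0133; : > "$tree/new-entry.php" )   # written after the fix
    echo "umask 0111 -> $(mode_under_umask 0111)"
    echo "umask 0133 -> $(mode_under_umask 0133)"
    echo "writable by any local account:"
    list_other_writable "$tree"
    tighten "$tree"
    echo "after tighten: $(file_mode "$tree/old-entry.php")"
    rm -rf "$tree"
}

demo
```

Changing the umask only affects files created afterwards, so files written under the old value keep their mode until they are changed explicitly, which is what `tighten` does here.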
