id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
21855	Several files are group writable, breaking suPHP–based setups	JeremyVisser		"After upgrading to WordPress 3.4.2, I found the following files are group writable:

 * wp-admin/about.php
 * wp-admin/setup-config.php
 * wp-admin/includes/class-wp-themes-list-table.php
 * wp-admin/includes/class-wp-plugins-list-table.php
 * wp-admin/includes/meta-boxes.php
 * wp-admin/includes/update-core.php
 * wp-admin/includes/class-wp-upgrader.php
 * wp-admin/includes/class-wp-ms-themes-list-table.php
 * wp-admin/plugins.php
 * wp-admin/index.php
 * wp-admin/js/link.dev.js
 * wp-admin/js/link.js
 * wp-admin/js/customize-controls.js
 * wp-admin/js/post.dev.js
 * wp-admin/js/post.js
 * wp-admin/js/customize-controls.dev.js

An example {{{ls -l}}}:

{{{
-rw-rw-r-- 1 wordpress www-data  5473 Sep  7 08:15 /var/www/wordpress/wp-admin/index.php
}}}

This is in contrast to the majority of files:

{{{
-rw-r--r-- 1 wordpress www-data 395 Jun 14 18:14 /var/www/wordpress/index.php
}}}

This causes suPHP errors such as the following:

{{{
SoftException in Application.cpp:249: File ""/var/www/wordpress/wp-admin/index.php"" is writeable by group
Premature end of script headers: index.php
}}}

A temporary workaround is to {{{chmod g-w}}} these files on my end, but the permissions get overwritten every time an SVN update occurs."	defect (bug)	closed	normal		Filesystem	3.4.2	normal	invalid