Breno,

Thanks for the update.

Do you know if there is an anticipated release date for 2.7.2? or if there is a simple patch I could apply to 2.7.1 to fix this?

Thanks,

Paul

 

From: Breno Silva [mailto:breno.silva@gmail.com]
Sent: Friday, December 14, 2012 5:36 PM
To: Paul Beckett (ITCS)
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] SecUploadFileMode not working in 2.7.1

 

Yes. 

 

SecUploadFileMode in modsecurity 2.7.x is broken. However it is already fixed for 2.7.2.

 

Thanks

 

Breno

On Fri, Dec 14, 2012 at 7:56 AM, Paul Beckett (ITCS) <P.Beckett@uea.ac.uk> wrote:

In my mod-security config, I am setting the file mode as follows:

 

SecUploadFileMode 0640

 

This worked fine for me in ModSecurity 2.6.8, giving the expected permission set:

-rw-r----- 1 web_apache_sa clamav 3164 Dec 14 13:47 20121214-134722-UMst6oveeK0AAB22NP0AAADI-file-OhLOox

 

Today I upgraded to ModSecurity 2.7.1 (built from source), I now get:

-rw------- 1 web_apache_sa clamav 3164 Dec 14 13:31 20121214-133123-UMsqK4veeK0AAAxoz2AAAAAS-file-ICjJbM

 

Thinking this was probably something I’d done wrong (as I’m new to mod_security), I rebuilt mod_security 2.6.8 with exactly the same settings as I’d built 2.7.1, and this results in the files having the file permissions I expected.

 

Does anyone know if this is a bug? The only thing I can find in JIRA is MODSEC-247 , where release 2.6.1 appeared to have this issue, but this was fixed. Or is there some specification change I’ve missed that I should be doing something differently?

 

Thanks for taking the time to read this,

Paul

 


------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/