
[ZF2015-07] Use umask of 0002

Default to 0775 for directory creation, and apply umask of 0002 to any
user-supplied directory creation modes to prevent potential privilege escalation
attacks.
Matthew Weier O'Phinney 10 years ago
parent
commit
8037d1d3bf

+ 1 - 1
library/Zend/Cloud/StorageService/Adapter/FileSystem.php

@@ -104,7 +104,7 @@ class Zend_Cloud_StorageService_Adapter_FileSystem implements Zend_Cloud_Storage
     {
         $path = $this->_getFullPath($destinationPath);
         file_put_contents($path, $data);
-        chmod($path, 0777);
+        chmod($path, 0775);
     }
 
     /**
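Review bot: `0775` is a directory-style mode, but `$path` here is the regular file just written by `file_put_contents()`, so the stored item ends up executable by owner and group, and readable and executable by every local user. A data file needs no execute bit; `chmod($path, 0664);` would be the closer fit, or `0640` if other local accounts should not be able to read stored items. The return values of `file_put_contents()` and `chmod()` are also ignored, so a failed write or a failed mode change goes unnoticed. The enclosing method starts above the hunk.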

+ 3 - 2
library/Zend/Search/Lucene/Storage/Directory/Filesystem.php

@@ -90,8 +90,10 @@ class Zend_Search_Lucene_Storage_Directory_Filesystem extends Zend_Search_Lucene
      * @return boolean
      */
 
-    public static function mkdirs($dir, $mode = 0777, $recursive = true)
+    public static function mkdirs($dir, $mode = 0775, $recursive = true)
     {
+        $mode = $mode & ~0002;
+
         if (($dir === null) || $dir === '') {
             return false;
         }
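Review bot: The added `$mode = $mode & ~0002;` in `mkdirs()` silently changes the mode a caller asked for, and nothing on the line or in the visible part of the docblock says so. A comment such as `// ZF2015-07: never create world-writable directories; clear o+w from the requested mode` would record why the mask is there. The `$mode` entry of the docblock (above the hunk, not visible here) should state that the world-write bit is always cleared. The mask is only correct for an integer mode, which is worth stating too, since other call sites in this commit pass modes as strings. The body of `mkdirs()` continues below the hunk.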
@@ -360,4 +362,3 @@ class Zend_Search_Lucene_Storage_Directory_Filesystem extends Zend_Search_Lucene
         return $this->_fileHandlers[$filename];
     }
 }
-

+ 7 - 5
library/Zend/Service/WindowsAzure/CommandLine/PackageScaffolder/PackageScaffolderAbstract.php

@@ -119,13 +119,13 @@ abstract class Zend_Service_WindowsAzure_CommandLine_PackageScaffolder_PackageSc
         }
         
         if (is_dir($path) ) {
-            @chmod($path, '0777');
+            @chmod($path, '0775');
             if (!self::deleteDirectory($path) ) {
                 throw new RuntimeException("Failed to delete \"{$path}\".");
             }
         }
             
-        if (!mkdir($path, '0777', $recursive) || !is_dir($path)) {
+        if (!mkdir($path, '0775', $recursive) || !is_dir($path)) {
             throw new RuntimeException( "Failed to create directory \"{$path}\"." );
         }
 
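Review bot: The modes in this hunk are quoted strings, and PHP converts `'0775'` to decimal 775 (octal 01407), not octal 0775. `@chmod($path, '0775')` therefore sets the sticky bit, owner read-only, no group access and full rwx for others, leaving the directory world-writable, which is what the advisory is meant to prevent. `mkdir($path, '0775', $recursive)` requests the same bits, narrowed only by the process umask. The same applies to the `$mode = '0775'` default of `copyDirectory()` in the next hunk, where `$mode & ~0002` evaluates to 773 (octal 01405). Use integer octal literals: `@chmod($path, 0775);`, `mkdir($path, 0775, $recursive)` and `$mode = 0775`.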
@@ -142,7 +142,9 @@ abstract class Zend_Service_WindowsAzure_CommandLine_PackageScaffolder_PackageSc
      * 
      * @return boolean
      */
-    protected function copyDirectory($sourcePath, $destinationPath, $abortIfExists = true, $mode = '0777') {
+    protected function copyDirectory($sourcePath, $destinationPath, $abortIfExists = true, $mode = '0775') {
+        $mode = $mode & ~0002;
+
         if (is_null($sourcePath) || !is_string($sourcePath) || empty($sourcePath)) {
             throw new InvalidArgumentException("Undefined \"sourcePath\"");
         }
@@ -217,7 +219,7 @@ abstract class Zend_Service_WindowsAzure_CommandLine_PackageScaffolder_PackageSc
         if (!$handleDir) {
             return false;
         }
-        @chmod($path, 0777);
+        @chmod($path, 0775);
         while ($file = readdir($handleDir)) {
             if ($file == '.' || $file == '..') {
                 continue;
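Review bot: The `@chmod($path, 0775);` before the `readdir()` loop only has to let the current process remove the directory's entries, so group write and world read/execute are not needed on a tree that is about to be deleted. `@chmod($path, 0700);` would be the least-privilege choice here, and likewise for the second `@chmod` just before `closedir()` in the following hunk. The `@` also hides a failed mode change, in which case the later `@rmdir()` fails just as silently. The function starts above the hunk and continues below it.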
@@ -240,7 +242,7 @@ abstract class Zend_Service_WindowsAzure_CommandLine_PackageScaffolder_PackageSc
             );
         }
         
-        @chmod($path, 0777);        
+        @chmod($path, 0775);        
         closedir($handleDir);
         @rmdir($path);