use 775 default for mkdirs, to avoid world-write

[ashnazg]

For Issue #29. I chose 775 default instead of suggested 755 on the assumption that runtime user's group should be considered safe enough.

[mcdruid]

I suppose there's a chance this may break things for some applications that use Archive_Tar, but it seems like a sensible change.

Thanks for adding tests.

[ashnazg]

I'd do a minor release (1.5.0) on this rather than patch release (1.4.15), based on this behavior change. At least that'll signal to people that something API-level-ish got changed.

[ashnazg]

@mcdruid , do you think you'll have time to roll a 1.5.0 release for this soon? If not, I can do it.

[mcdruid]

@ashnazg yup, I'll work on this in #47

[orlitzky]

In general, mode 0775 will still be insecure (but don't panic, read on). For example, on our web servers, each website user runs as its own account but they share a single websites group. (Having a shared group lets you e.g. chroot by group in sshd_config). Mode 0775 would allow the users/administrators of one site to edit the files of another.

However, I don't think this was your problem to begin with. At the very least, the server administrator should be using umask to set an upper limit on the permissions given to new files and directories. The documentation for the mkdir() function says that the permissions you give it are "modified by the current umask...", and on any reasonable system, the umask will be at least 0022. So even with mkdir(...,0777), the resulting directory will wind up with mode 0755. This is probably why it was 0777 to begin with -- the umask is what actually determines the final set of permission bits.