07-20-2005, 03:14 PM | #1 |
Green Mole
Join Date: Jul 2005
Posts: 6
|
security issues with chmod 777?
The web host I'm working with isn't happy with the instructions that say to "CHMOD the following directories to 777, or rwxrwxrwx, permission if on a *nix server." Is this a security issue? If so, what changes need to be made to make sure security isn't a problem? Thanks, -Benjamin |
07-23-2005, 12:49 PM | #2 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
The 777 permissions are so that PhpDig can access and write to directories and files. Assuming PhpDig is secure, then you shouldn't have to worry about web users in general. Of course, if there is a bug in PhpDig that allows badness, then 777 can be an issue. Further, if you use a shared hosting environment, 777 might allow users on the same machine to do badness, so your host should do what can be done to prevent shared users from accessing your account, such as making sure users are locked into their own accounts.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
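An added example, not part of the original posts and not PhpDig code: a small audit of the shared-hosting case raised in the reply above. It lists directories whose mode has the world-write bit set and checks whether the "other" class can also traverse every directory from the account root down to them. The `account/app/data` tree is a constructed sample, and the check reads mode bits only (ACLs and group membership are not considered).

```python
import os
import stat
import tempfile

def world_writable_dirs(account_root):
    """Yield directories under account_root whose mode has the 'other' write bit."""
    for dirpath, _dirs, _files in os.walk(account_root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            yield dirpath

def reachable_by_others(path, account_root):
    """True if 'other' has search (x) permission on path and on every
    directory between it and account_root (inclusive). Mode bits only."""
    account_root = os.path.abspath(account_root)
    current = os.path.abspath(path)
    while True:
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False          # one closed directory blocks the whole chain
        if current == account_root:
            return True
        parent = os.path.dirname(current)
        if parent == current:     # hit the filesystem root without meeting account_root
            raise ValueError("path is not inside account_root")
        current = parent

def audit(account_root):
    """Map each world-writable directory (relative path) to whether
    other local accounts can actually reach it."""
    return {os.path.relpath(d, account_root): reachable_by_others(d, account_root)
            for d in world_writable_dirs(account_root)}

def build_sample(account_mode):
    """Constructed sample: <tmp>/account/app/data with data set to 0777."""
    root = os.path.join(tempfile.mkdtemp(), "account")
    data = os.path.join(root, "app", "data")
    os.makedirs(data)
    os.chmod(os.path.join(root, "app"), 0o755)
    os.chmod(data, 0o777)
    os.chmod(root, account_mode)  # the setting the host controls per account
    return root

if __name__ == "__main__":
    for mode in (0o755, 0o711, 0o700):
        print(oct(mode), audit(build_sample(mode)))
```

A 777 directory reported as `False` is still world-writable by mode, but other accounts on the machine cannot get to it through the filesystem, which is the "locked into their own accounts" condition.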
07-24-2005, 11:43 AM | #3 |
Green Mole
Join Date: Jul 2005
Posts: 6
|
But doesn't the 777 setting (world write access) open up the folder for writes not just to anyone on the server, but anyone in the "world"?
-B |
07-25-2005, 09:44 AM | #4 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
If there is a bug in PhpDig where a user could, say, upload badness, then 777 could be worldly like you say, but if PhpDig doesn't allow such things, then setting 777 permissions doesn't mean that just anyone can do whatever to 777 directories or files. Said another way, if you set a directory or file to 777 permission, that does not automatically imply that just anyone can come along and mess with the directory or file. Users looking to do badness by utilizing 777 permissions need a way to 'get there' to do badness.