PhpDig.net

Go Back   PhpDig.net > PhpDig Forums > Script Installation

Reply
 
Thread Tools
Old 07-20-2005, 03:14 PM   #1
benjamintr
Green Mole
 
Join Date: Jul 2005
Posts: 6
Unhappy security issues with chmod 777?

The web host I'm working with isn't happy with the instructions that say to
"CHMOD the following directories to 777, or rwxrwxrwx, permission if on a *nix server." Is this is a security issue? If so, what changes need to be made to make sure security isn't a problem?

thanks,

-Benjamin
benjamintr is offline   Reply With Quote
Old 07-23-2005, 12:49 PM   #2
Charter
Head Mole
 
Charter's Avatar
 
Join Date: May 2003
Posts: 2,539
The 777 permissions are so that PhpDig can access and write to directories and files. Assuming PhpDig is secure, then you shouldn't have to worry about web users in general. Of course, if there is a bug in PhpDig that allows badness, then 777 can be an issue. Futher, if you use a shared hosting environment, 777 might allow users on the same machine to do badness, so your host should do what can be done to prevent shared users from accessing your account, such as making sure users are locked into their own accounts.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline   Reply With Quote
Old 07-24-2005, 11:43 AM   #3
benjamintr
Green Mole
 
Join Date: Jul 2005
Posts: 6
But doesn't the 777 setting (world write access) open up the folder for writes not just to anyone on the server, but anyone in the "world"?

-B
benjamintr is offline   Reply With Quote
Old 07-25-2005, 09:44 AM   #4
Charter
Head Mole
 
Charter's Avatar
 
Join Date: May 2003
Posts: 2,539
If there is a bug in PhpDig where a user could say upload badness, then 777 could be worldly like you say, but if PhpDig doesn't allow such things, then setting 777 permissions doesn't mean that just anyone can do whatever to 777 directories or files. Said another way, if you set a directory or file to 777 permission, that does not automatically imply that just anyone can come along and mess with the directory or file. Users looking to do badness by utilizing 777 permissions need a way to 'get there' to do badness.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
777 permission help sandychan External Binaries 1 07-13-2006 12:17 AM
Security issues Niele How-to Forum 1 04-25-2005 10:52 AM
Security Risk: allow_url_fopen = ON Rolandks Troubleshooting 0 10-07-2004 08:32 AM
CHMOD settings jerrywin5 How-to Forum 1 03-29-2004 01:09 PM
security rom How-to Forum 1 02-28-2004 04:21 PM


All times are GMT -8. The time now is 10:55 PM.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.