In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?

by

Here’s one scenario:

  1. You have an unprotected directory that users can upload to.
  2. They upload two files: a shell script, and a php file that has a system() call in it to the shell script.
  3. they access the php script they just uploaded by visiting the url in their browser, causing the shell script to execute.

If this directory is 777, that means that anybody (including the user apache, which is what php script will execute as) can execute it! If the execute bit is not set on that directory and presumably the files inside the directory, then step 3 above would do nothing.

edit from the comments: it’s not the PHP file’s permissions that matter, it’s the system() call inside the PHP file that will be executed as a linux system call by the linux user apache (or whatever you have apache set to run as), and that is PRECISELY where the execution bit matters.

More Related Contents:

  1. UTF-8 all the way through
  2. Run process with realtime output in PHP
  3. Execute PHP script in cron job
  4. PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
  5. How can I relax PHP’s open_basedir restriction?
  6. How do I throttle my site’s API users?
  7. Using PHP/Apache to restrict access to static files (html, css, img, etc)
  8. The requested URL was not found on this server.
  9. How can I store my users’ passwords safely?
  10. How to create a secure mysql prepared statement in php?
  11. Simplest two-way encryption using PHP
  12. How to do URL re-writing in PHP?
  13. Create Word Document using PHP in Linux [closed]
  14. Execute root commands via PHP
  15. How to fake $_SERVER[‘REMOTE_ADDR’] variable?
  16. encrypt and decrypt md5
  17. Using X-Sendfile with Apache/PHP
  18. best practice to generate random token for forgot password
  19. How to prevent PHP sessions being shared between different apache vhosts?
  20. PHP emitting 500 on errors – where is this documented?
  21. Running two PHP versions on the same server
  22. SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  23. Unable to find the socket transport “ssl” – did you forget to enable it when you configured PHP?
  24. How to manage a single PHP5 session on multiple apache servers?
  25. How to run the PHP script at scheduled time
  26. How can I determine a file’s true extension/type programmatically?
  27. Can I serve MP3 files with PHP?
  28. Parsing HTTP_RANGE header in PHP
  29. how to enable shell_exec and exec on php?
  30. Single Session Login in Laravel

Leave a Comment