What security problems I get if I leave a directory with permissions on 0777?

[DavidT]

Hi everybody.

I have a problem with a script what I can solve by setting a directory permission on 0777.

Now, what exactly could happen if I leave it so?

The users are supposed to be able to upload files in subdirectories of this main directory "projects". After the upload, the permission of the used subdirectory is set to 0775, so this should avoid that a malicious user can edit the files. Am I right?

Then, the matter is that he could upload undesired files in the main dir? How? And, can he exploit this for executing scripts on his own? How?

Any tip is welcome, thanks.

Kind regards.

[WolfRage]

Basically from what I know the real threat is if you have a script that can execute an upload. Like in this link.

http://www.codingforums.com/archive/index.php/t-72353.html

 

Here is a link with some information on chmod and what 0777 means.

http://www.mkssoftware.com/docs/man1/chmod.1.asp

 

More info taken from the php manual:

<?php
// Read and write for owner, nothing for everybody else
chmod("/somedir/somefile", 0600);

// Read and write for owner, read for everybody else
chmod("/somedir/somefile", 0644);

// Everything for owner, read and execute for others
chmod("/somedir/somefile", 0755);

// Everything for owner, read and execute for owner's group
chmod("/somedir/somefile", 0750);
?>

I hope that all of this helps. But I will say I my self try to hide as much of my scripts as possible. Because some times every once in a great while PHP dumps the actual file instead of parsing. I have seen it happen twice. That means all of your code out to the person.

[DavidT]

Thanks for your answer and the links.

 

So, basically, all the problem should be just in the upload script?

Then, for example, if I check the uploaded file type I already should avoid any kind of problem, don't I?

 

But, also, I was thinking to this...

Let's say that on www.something.blah there is the directory /unsure with permission on 0777

If I write a script on my own website, and put this code:

copy("my_script.php","www.smething.blah/unsure/my_script.php"

I guess that this should work, don´t it?

And, then... what happens when I go on www.smething.blah/unsure/my_script.php ?

Will this script work as if the webmaster had created it? If so, this potentially allows me to do whatever I want, right?

 

 

Than, this means a really serious security problem... and the only protection from this is that the malicious user doesn't know if there is a 0777 directory and where.

Can he get somehow this informations?

 

 

Because some times every once in a great while PHP dumps the actual file instead of parsing. I have seen it happen twice. That means all of your code out to the person.

Ahiahi, how this happened? Because of some error in the script or...?

Just randomly? Do you know if there is any way to avoid this?

[WolfRage]

1:Checking the file upload type is notoriously a weak point for any programing language, I would not store uploaded files in a 0777 area of the server, in fact this directory should be hidden and only accessible by trusted scripts.

2: If you load a script from a user to your server and it is in an excessable and readable directory, then it will get parsed and they could do just about anything they wanted to depending on how well the script is programed.

3: A user could try and probe there are many techniques to get information from a server you are better off just hidding this information altogether.

4: It is a random occurance and is very rare, could be caused to an error but I did not see an error on either page and on the reload both worked fine. The weird part is when it happens your browser will ask you if you would like to save the file. Thats very rare and it is even rarer that when it happens it will be a malicious user. The best way to minimize this is to have scripts that just call scripts that are in a hidden directory. Then they only see that a unaccessable directory has been called and they do not see exactly what your script is actually doing. When the parser fails it only spits out the first file not included files.

5: So are you asking these questions because you are not able to secure your directories?