Inspired by the discussion in this question, a maybe stupid question.
We have all been taught that leaving directories or files on Linux-based web hosting with the permission level of 777
is a bad thing, and to set always as little permissions as necessary.
I am now curious as to where exactly lies the danger of exploitation, specifically in a PHP / Apache context.
After all, a PHP script file can be executed from the outside (i.e. through a call to the web server, and subsequently to the interpreter) no matter whether it is marked as "executable", can't it? And the same applies to files called through the command-line php
interpreter, right?
So where exactly is the vulnerability with 777
? Is it the fact that other users on the same machine can access files that are made world writable?
The permission 777 means that any user on your operating system can modify, execute, and write to the files posing a significant security risk to your system. An unauthorized user could use this to modify files to compromise your system.
Setting 777 permissions to a file or directory means that it will be readable, writable and executable by all users and may pose a huge security risk.
777 - all can read/write/execute (full access). 755 - owner can read/write/execute, group/others can read/execute. 644 - owner can read/write, group/others can read only.
Changing File Permissions Using chmod 777 It means to make the file readable, writable and executable by everyone with access. As such, it's a powerful and a potential system-breaker – so extra care should be taken with it.
Here's one scenario:
system()
call in it to the shell script.If this directory is 777, that means that anybody (including the user apache, which is what php script will execute as) can execute it! If the execute bit is not set on that directory and presumably the files inside the directory, then step 3 above would do nothing.
edit from the comments: it's not the PHP file's permissions that matter, it's the system()
call inside the PHP file that will be executed as a linux system call by the linux user apache (or whatever you have apache set to run as), and that is PRECISELY where the execution bit matters.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With