In a PHP/Apache/Linux Context, Why Exactly Is Chmod 777 Dangerous

In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?

Here's one scenario:

  1. You have an unprotected directory that users can upload to.
  2. They upload two files: a shell script, and a PHP file that has a system() call in it to the shell script.
  3. They access the PHP script they just uploaded by visiting the URL in their browser, causing the shell script to execute.

If this directory is 777, that means that anybody (including the user apache, which is what the PHP script will execute as) can execute it! If the execute bit is not set on that directory and presumably the files inside the directory, then step 3 above would do nothing.

Edit from the comments: it's not the PHP file's permissions that matter, it's the system() call inside the PHP file that will be executed as a Linux system call by the Linux user apache (or whatever you have Apache set to run as), and that is PRECISELY where the execution bit matters.

PHP: Is permission 777 a security issue?

I believe that you need to set permission 0777 because PHP needs the ability to write files; because PHP often runs its own process under its own user, it will not be able to write files. Permission 0777 just means that you wish to allow all processes the ability to read, write, and execute files, whereas 0755 only allows the owner to read, write, and execute files, but other users such as PHP to only read and execute.

Now about security:

The only real change here is granting PHP write permission. Now, this by itself is not a security problem, as long as you are sanitizing the files you allow to be uploaded. But it does technically open you up to more attack vectors, such as malicious file upload. There really is no other way for you to allow file uploads to occur; it is all up to how you process your files, such as blacklisting certain extensions and ensuring file size limits, to keep your server secure.

On a side note:

You may also want to drop the execute permission on that folder, as long as you do not store any of the PHP files that you are running in the same directory that you wish to upload files to, which you shouldn't be. Your file upload directory should only have read and write permissions and does not need execute permissions, which you can set by running the command below:

chmod go+rw file

Which is the equivalent to:

chmod -R 0666 /Mohammad/is/cool

Which will make a file readable and writable by the group and others. You can read more about that here and here
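
The permission points in the two answers above, as an added example that is not part of the original answers: it audits an upload tree for world-writable entries and executable files, then resets directories to 0755 and files to 0644. It assumes the tree is owned by the account PHP runs as; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes the upload tree is
# owned by the account PHP runs as, so no world-write bit is needed.

# Entries any local account can modify. Symlinks are skipped because their
# own mode always reads as 0777 on Linux.
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Regular files with any execute bit set; uploaded content does not need one.
audit_executable_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Directories keep the execute (search) bit, otherwise nothing inside them
# can be opened; regular files lose it.
harden_upload_tree() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Build a constructed sample tree, then show the audit before and after.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/uploads"
    : > "$tmp/uploads/photo.png"
    : > "$tmp/uploads/run.sh"
    chmod 0777 "$tmp/uploads" "$tmp/uploads/run.sh"
    chmod 0666 "$tmp/uploads/photo.png"
    echo "world-writable before:";   audit_world_writable "$tmp/uploads"
    echo "executable files before:"; audit_executable_files "$tmp/uploads"
    harden_upload_tree "$tmp/uploads"
    echo "modes after:"; ls -ld "$tmp/uploads" "$tmp/uploads"/*
    rm -rf "$tmp"
}

# With a path argument, audit that tree (read-only); otherwise run the demo.
if [ -n "${1:-}" ]; then
    audit_world_writable "$1"
    audit_executable_files "$1"
else
    demo
fi
```

Run with a directory path to audit it without changing anything; the hardening step only touches the constructed demo tree unless `harden_upload_tree` is called explicitly.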

Folder with 777 what htaccess rules do I use to whitelist?

This is probably something that is better off enforced by the upload script itself - .htaccess only lets you control what users can access from the web server, it doesn't have any effect on what files are allowed to be created in the directory.

However, if you do simply want to limit viewing access to certain file types, you can do that:

Order Deny,Allow
Deny from all

<FilesMatch "\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>

(Note that this has the side effect of denying access to the directory index listing, which you may or may not actually need. If you have direct links to all the files, then it doesn't matter.)

Is it possible for someone to read or write my .php files on the server if they have world read/write permissions?

Yes and no. Can anyone who is viewing the files over the net? No. However, anyone with the ability to log on to your machine could change the files (since they are world readable / writable). In general, this isn't a good practice. I'd advise not permitting more than 775. If you are in a hosted environment, this shouldn't be a problem though.

Why can't my PHP script chmod a file it creates?

Most probably due to umask. Try setting it to 0 prior to the chmod.


