Simple question about chmod 777

Posted: Mon Feb 13, 2006 12:26 pm
by seodevhead
Is it really unsafe to have an upload folder on a server that is chmodded 777? I have an image gallery script that users can upload images to. And the images are placed in an 'uploads' folder that is chmodded 777. What can I do to make this safe if it is a security risk? Would there be any problems if I moved it outside the public web directory? Thanks!

Re: Simple question about chmod 777

Posted: Mon Feb 13, 2006 12:31 pm
by Roja
seodevhead wrote: Is it really unsafe to have an upload folder on a server that is chmodded 777? I have an image gallery script that users can upload images to. And the images are placed in an 'uploads' folder that is chmodded 777. What can I do to make this safe if it is a security risk? Would there be any problems if I moved it outside the public web directory? Thanks!
777 means "The world can read and write to this directory (plus execute files in it)".

Having the world able to upload code to be executed as the server is pretty high on the list of risks. Short of it running as root, there isn't much more risk to be taken on.

As to moving it outside the public web directory, that helps reduce the risk, because the "world" cannot (easily) read/execute the file then. Of course, if they found another script or hole on your server that let them do so...

Posted: Mon Feb 13, 2006 12:39 pm
by seodevhead
What would you suggest I do? I certainly do not want to leave myself wide-open for a security breach. Thanks.

Posted: Mon Feb 13, 2006 1:49 pm
by Roja
seodevhead wrote: What would you suggest I do? I certainly do not want to leave myself wide-open for a security breach. Thanks.
Like any risk, you can put controls in to reduce the risk.

Start by doing exactly what you suggested: put that directory above/outside the webroot.

Then, moving above that, find ways to reduce the need to do that. Use that directory for only the things you absolutely have to. Limit it (via .htaccess if available). Reduce the number of filetypes that can execute from that directory (or just change the chmod to remove executable).

Best of all of course would be to re-engineer the solution to not need it.

I'm in a similar boat with a webgame I'm working on. We can improve the speed of the game and the security (oddly) by using a writable directory. However, doing so exposes additional risk, lowering the security substantially. That means we need strong controls, and solid education around the dangers of that directory. Most importantly, we need to offer the option to *not* use that functionality, and we will probably end up defaulting to not using it - maximum security by default, but performance is available for admins that want to go that extra step.

Posted: Mon Feb 13, 2006 3:59 pm
by Buddha443556
Is it really unsafe to have an upload folder on a server that is chmodded 777? I have an image gallery script that users can upload images to. And the images are placed in an 'uploads' folder that is chmodded 777. What can I do to make this safe if it is a security risk? Would there be any problems if I moved it outside the public web directory? Thanks!
On shared servers without a jailed environment, 777 allows everyone on your server to access that folder. Not everyone on your server may be Mr. Roger, and a 777 folder may make you a target. As always, Roja has a number of good suggestions. I would add the simplest solution - find a better host. Find a host running PHP as CGI under suexec or a host that has a jailed environment. If security is important to you then go find a secure host.

Posted: Tue Feb 14, 2006 12:31 am
by AGISB
At least make it 776 which disables the execute of that folder for world.

Posted: Tue Feb 14, 2006 3:04 am
by Maugrim_The_Reaper
Reminds me that many PHP applications have a habit of complaining about the lack of 777 permissions. Oddly Serendipity (weblog) did this at least in 0.8x. This is a nasty habit - a writeable directory need not be 777 since PHP files do not need to be executable...

776 is the easiest solution - no world execute writes. .htaccess can also help limit access from the web without having PHP applications complain. The jailed environment is really good. Believe it or not there are people sharing servers, and some of them aren't trustworthy -

Posted: Tue Feb 14, 2006 6:44 am
by Jenk
766 would be better, because if on shared hosting the group your user id belongs to is likely to be in the same group as everyone else who maintains an account on the same server.

Or 744 if you want read only to everyone but yourself, and because you are using a php script, chown it to the userid of the php process, then your php script can write/upload the files to the directory and the rest of the world can view the images.

Posted: Tue Feb 14, 2006 8:14 am
by neophyte
How could someone off server execute an attack on a 777 directory or file? By attack I mean, overwrite the file or delete some or part of its content?

Posted: Tue Feb 14, 2006 8:30 am
by Jenk
ftp.

777 allows anyone, everyone and his dog full unrestricted access to the file or directory that has those settings.

EDIT: lol.. that isn't supposed to be a link

Posted: Tue Feb 14, 2006 8:48 am
by matthijs
But for ftp one needs the specific username /password combination, isn't it?

I'm following this thread with great interest, as I've seen many (and even used some) applications/scripts requiring 777 on certain directories to function (in a shared hosting environment that is.) It definitely makes me think about this.

Posted: Tue Feb 14, 2006 9:00 am
by neophyte
I'm not a security buff at all. But it is something I'm trying to learn about. So pardon me if my questions seem n00bish. But we've all either coded or bumped into other programs where folders had to be chmod'd to 0777. I ask the question because I'd like to know how to adequately protect the files.

So, we can place the directory one level above the web directory. You could also forbid apache to serve the files up. You could deny anonymous ftp access to the directory or file.

So let's say all that was in place ... are there any other ways to write to the file or otherwise destroy data?

Posted: Tue Feb 14, 2006 9:44 am
by Roja
neophyte wrote: How could someone off server execute an attack on a 777 directory or file? By attack I mean, overwrite the file or delete some or part of its content?
I'll answer this from my specific point of view: An author developing an application that *other* admins deploy primarily on shared servers.

The answer in that scenario is "Nearly an infinite number of possibilities".

On a shared host, there is little security. Chroots on Linux can be easily escaped. Safemode is trivial to overcome. These security measures give a false sense of security.

As a result, on a shared host, any other site hosted there probably has access to your files. Since webhosts and shell accounts are traded on the 'net underground like currency, there is a solid chance that substantial numbers of attackers have accounts on the same host as you - which means they have access to your files.

But if that wasn't bad enough, then consider the number of insecure web scripts installed on webhosts. How many installs of phpbb don't get updated right away? How many installs of phpnuke NEVER get upgraded after mods are installed?

All of those are exploits that will allow an external attacker the same level of access that you have to your files.

So now we have an attacker set that includes all other hosts on your shared host, AND any attackers that have found a *single* exploit on *any* site hosted there. That's a pretty large source of attacks.

With that many paths in, being proactive and securing what you can should hopefully seem much more reasonable. :)

Posted: Tue Feb 14, 2006 9:54 am
by Jenk
matthijs wrote: But for ftp one needs the specific username /password combination, isn't it?
No, because 777 gives full, unrestricted access to everyone, anyone and his dog, from any domain. The key point to remember with this, is even though FTP requires you to use a username, 'anonymous' (the Unix equivalent to 'guest' on Windows) is just that. :)

For example, one of the sites I have been working with once recently suffered an attack directly because one of the developers set a directory to 777. This allowed an attacker to upload their own PHP file, and execute them, gaining them access to various server details (I made a post regarding the attack on here iirc)

I made a reply about access settings in a different CHMOD thread, I shall try and fish it out. :)

EDIT: Here we are:
Jenk wrote: Mode works by 3 x 3 (though it is an octal number.. different story)

The first number relates to the Owner of the file/directory (the user which was used to create it)

The second number refers to the group that the user used to create it belongs to.

The third number relates to all else.

0 = none (deny Read, deny Write, deny Execute.) File is effectively non-existent (more specifically hidden, can't be seen, changed or run by the 'group' that this number is assigned to in the chmod setting)

1 = Execute only (deny Read, deny Write).

2 = Write only (deny Read, deny Execute.)

3 = Write and Execute (deny Read.)

4 = Read only (deny Write, deny Execute.)

5 = Read and Execute (deny Write.)

6 = Read and Write (deny Execute.)

7 = Read, Write and Execute.

So,

<?php chmod('file', 0754); ?>
Will set the permissions for the current username to be able to read, write and execute the file.

The group of which username is a part of will be able to read and execute the file.

Other (Everyone else) can only read the file.

0755 is popular amongst php developers because if you are hosting the file publicly, you want people to be able to see it, and to have it as part of a PHP script it must be executable. Yet the only person you want to allow to update it, is your own user.

In this case it will be limited to the user that php was started with, but most hosts run as CGI which means each user (you) gets their own username/id anyway.. but I digress...
viewtopic.php?t=43477
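
The digit table quoted above and the earlier advice to drop execute and world access, as a runnable added example that is not part of the original thread. The function names and the sample `uploads` tree are constructed for illustration, and it assumes the PHP process owns the directory or shares its group.

```shell
#!/bin/sh
# Added example (not from the thread). All paths below are constructed.
# One octal digit -> rwx string: 4 = read, 2 = write, 1 = execute.
# On a directory, x means "may enter/search it", not "run it".
decode_digit() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# 0754 or 754 -> rwxr-xr-- (owner, group, other).
decode_mode() {
    m=$1
    while [ "${#m}" -gt 3 ]; do m=${m#?}; done   # drop the leading 0
    rest=${m#?}
    printf '%s%s%s\n' "$(decode_digit "${m%??}")" \
        "$(decode_digit "${rest%?}")" "$(decode_digit "${m#??}")"
}

# Entries under $1 that "other" may write to (write bit set in last digit).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Drop world-write everywhere and every execute bit on regular files.
# Assumption: the PHP process is the owner (or in the group) of $1.
harden_uploads() {
    find "$1" ! -type l -exec chmod o-w {} +
    find "$1" -type f -exec chmod a-x {} +
}

# Constructed sample tree standing in for an uploads folder.
make_sample() {
    mkdir -p "$1/uploads"
    : > "$1/uploads/cat.jpg"
    : > "$1/uploads/notes.txt"
    chmod 777 "$1/uploads" "$1/uploads/cat.jpg"
    chmod 644 "$1/uploads/notes.txt"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "0777 = $(decode_mode 0777), 0754 = $(decode_mode 0754)"
echo "world-writable before:"; world_writable "$tmp"
harden_uploads "$tmp"
echo "world-writable after: $(world_writable "$tmp" | wc -l)"
rm -rf "$tmp"
```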

Posted: Tue Feb 14, 2006 10:19 am
by Chris Corbyn
Jenk wrote:
matthijs wrote: But for ftp one needs the specific username /password combination, isn't it?
No, because 777 gives full, unrestricted access to everyone, anyone and his dog, from any domain. The key point to remember with this, is even though FTP requires you to use a username, 'anonymous' (the Unix equivalent to 'guest' on Windows) is just that. :)
Most FTPd servers would run policies to deny "WRITE" to the anonymous user so it wouldn't be easily done over FTP.

The main issue here is with users on shared servers... if it's 777 (actually, 0777 ;)) then anybody has full permissions on the file. But.... yes, there's a but. If you have this file in a directory which denies access to "world" you're a lot safer (removed "world" execute permissions on the folder). Most shared servers run apache under the same userid for everybody though, so if you need the file writable to apache, it's writable to everyone else on the server with a little imagination ;)