[Wylug-discuss] 777 access on an images directory
Phil Driscoll
phil at dialsolutions.co.uk
Fri Oct 12 16:43:21 BST 2007
On Friday 12 Oct 2007, Mike Goodman wrote:
> Hi, Folks,
>
> This is pertinent to a conversation in the pub after Monday's meeting.
> It was regarding whether there is a potential security hole, nay, gaping
> chasm, in one of our favourite FOSS e-commerce applications. The problem
> is uploading images via ftp to a directory with permissions set at 777
> and whether this would allow a malefactor to upload and implement
> executable files. (Are you watching, Phil?) ;-)
>
> I have subsequently come across this thread on Bytemark's discussion
> forum: https://forum.bytemark.co.uk/viewtopic.php?id=57 and would like
> to hear whether you folk think it as safe as the final contributor there
> indicates?
The 777/execution bit was not the issue I was warning you about. The problem
is that the application allows upload of files into a directory which is
served up by the web server. Hence, if someone manages to upload a .php file,
then when the file is accessed via a browser, the web server will execute any
script inside it, regardless of the execute bit settings on the file
permissions. Once your attacker can do that, they can, at the very least,
have full control of your e-commerce application and all the database tables
it talks to.
Be afraid - be very afraid :)
Cheers
--
Phil Driscoll
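The point Phil makes above is that the execute bit is irrelevant: the web server hands any file with a script extension to its PHP handler the moment a browser requests it, so the real control is what the upload code lets into a served directory. As an added example, not code from this thread or from the e-commerce application being discussed, here is a small Python upload check written from the defender's side. The allowlist, the magic-byte table, the `check_upload`/`store_upload` names and the sample files are all assumptions made for the illustration.

```python
import os
import secrets

# Constructed allowlist: the only image types this hypothetical shop accepts,
# keyed by extension, with the leading bytes a genuine file of that type has.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


class UploadRejected(ValueError):
    """Raised when an upload fails any of the checks below."""


def check_upload(client_name: str, data: bytes) -> str:
    """Validate an upload and return a server-chosen filename for it.

    The client-supplied name is used only to read the claimed type; it is
    never reused on disk, so 'shell.php' or 'cat.php.jpg' can never end up
    as a name the web server would hand to its PHP handler.
    """
    base = os.path.basename(client_name)      # drop any path components
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:        # no extension, or x.php.jpg style
        raise UploadRejected(f"unexpected name shape: {base!r}")
    ext = parts[1]
    if ext not in ALLOWED:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if not data.startswith(ALLOWED[ext]):      # content must match claimed type
        raise UploadRejected("content does not match claimed image type")
    # Cheap defence in depth against polyglot files; it does not replace the
    # extension and handler controls, it just refuses the obvious cases.
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("image contains embedded PHP tags")
    # Fresh random name; the extension comes from the verified type, not the client.
    return f"{secrets.token_hex(16)}.{ext}"


def is_rejected(client_name: str, data: bytes) -> bool:
    """Convenience wrapper: True if check_upload refuses the file."""
    try:
        check_upload(client_name, data)
    except UploadRejected:
        return True
    return False


def store_upload(client_name: str, data: bytes, upload_dir: str) -> str:
    """Write a validated upload into upload_dir and return its full path.

    upload_dir is assumed to sit OUTSIDE the web server's document root; the
    application then serves images through a script that streams bytes, so a
    file is never executed just because someone can request it by URL.
    O_EXCL means we never silently overwrite, and 0o644 leaves no execute bit
    (not that the web server's PHP handler would care, as the thread notes).
    """
    name = check_upload(client_name, data)
    path = os.path.join(upload_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed sample uploads: one genuine PNG header, three attempts that
    # should be refused.
    samples = [
        ("cat.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("cat.php.jpg", b"\xff\xd8\xff" + b"\x00" * 16),
        ("cat.jpg", b"GIF89a" + b"\x00" * 16),     # claims jpg, is a gif
    ]
    for name, body in samples:
        print(name, "->", "rejected" if is_rejected(name, body) else check_upload(name, body))
```

The storage directory can be 777 (or owned by the FTP user, as in the thread) without turning uploads into remote code execution, as long as nothing under the document root ever receives a client-chosen filename. If the images must live under the web root for the application to work, the complementary server-side control with Apache and mod_php is to switch the PHP engine off for that directory (`php_admin_flag engine off` inside the matching `<Directory>` block), so that even a stray `.php` file is served as plain text rather than run.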