服务器如何使用 chmod 777 变得脆弱? [英] How will a server become vulnerable with chmod 777?

问题描述

我经常读一些类似

chmod 777 很糟糕！

chmod 777 is bad!

我在想:

当我对文件执行 chmod 777 时，我如何变得易受攻击?

How do I become vulnerable when I execute chmod 777 on a file?

我可以重现的真实世界示例是什么?

What is a real world example of this that I can reproduce?

推荐答案

它允许任何人查看和/或修改文件系统内容:假设攻击者已经拥有在共享托管平台上非常常见的一般系统访问......有些从一开始就比其他人更强化".以下是可能的攻击媒介的一小部分不完整列表:

1. 你的安全代码"可能会被他们的恶意代码"覆盖，这些代码在相同网络服务器上下文中运行..可能会窃取密码/木马，暴露数据库、删除内容等.也就是说，其他人的代码可以在您的安全上下文下运行.
2. 内容(例如脚本源")可能在网络服务器(或所有者)上下文之外被查看.有一个安全"密码来连接到数据库?好吧，不再...
3. 如果内容受权限保护(例如，网络服务器之前无法访问)，网络服务器可能能够访问/列出敏感信息...如果您没有，那就不好了'不是要分享.不同的网络服务器配置也会以不同的方式对待列表"，这也会暴露出超出预期的内容.

1. "your safe code" could be overwritten with "their malicious code" which runs within the same web-server context .. could steal passwords/trojan, expose DB, delete content, etc. That is, someone else's code can run under your security context.
2. Content (e.g. "script source") can possibly be viewed outside of the web-server (or owner) context. Have a "secure" password to connect to the DB? Well, not anymore...
3. If content was protected by permissions (e.g. web-server couldn't access before), the web-server might be able to access/list sensitive information... not good if you didn't mean to share it. Different web-server configurations will also treat "listings" differently, which can also expose more than is desired.

在上文中，我还假设组"包括网络服务器主体，并且涉及一个网络服务器(和/或共享主机)，可用作主要攻击媒介和/或安全漏洞.但是，我再次强调:上面的列表不完整.

In the above I also assume "group" to include the web-server principal and that there is a web-server (and/or shared hosting) involved which can be used as a primary attack vector and/or security vulnerability. However, and I stress this again: the list above is not complete.

虽然不能保证安全"，但使用最具体的权限可以减轻一些漏洞/暴露.

While not "guaranteed safety", using the most specific permissions can mitigate some vulnerabilities / exposure.

这篇关于服务器如何使用 chmod 777 变得脆弱?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！