chmod 777如何使服务器容易受到攻击？ [英] How will a server become vulnerable with chmod 777?

问题描述

我经常阅读一些文章

chmod 777很糟糕！

chmod 777 is bad!

我想知道：

执行 chmod 777时我如何变得脆弱？ code>在文件上？

How do I become vulnerable when I execute chmod 777 on a file?

我可以重现的真实示例是什么？

What is a real world example of this that I can reproduce?

推荐答案

它允许文件系统内容被任何人查看和/或修改 ：假设攻击者已经具有一般的系统访问权限，这在共享主机平台上非常普遍。从一开始就比其他人更坚强。以下是可能的攻击媒介的一小部分不完整：

1. 您的安全代码可能是在 相同 Web服务器上下文中运行的其恶意代码 覆盖..可能会窃取密码/特洛伊木马，暴露数据库，删除内容等。也就是说，有人其他的代码可以在您的安全上下文下运行。


2. 内容（例如脚本源）可以在网络外部查看-服务器（或所有者）上下文。是否具有安全密码才能连接到数据库？好吧，不再了...


3. 如果内容受权限保护（例如，Web服务器之前无法访问），则 Web服务器可能能够访问/列出敏感信息 ...如果您不打算分享，那就不好了。不同的Web服务器配置也将以不同方式对待列表，这也可能暴露超出期望的范围。

1. "your safe code" could be overwritten with "their malicious code" which runs within the same web-server context .. could steal passwords/trojan, expose DB, delete content, etc. That is, someone else's code can run under your security context.
2. Content (e.g. "script source") can possibly be viewed outside of the web-server (or owner) context. Have a "secure" password to connect to the DB? Well, not anymore...
3. If content was protected by permissions (e.g. web-server couldn't access before), the web-server might be able to access/list sensitive information... not good if you didn't mean to share it. Different web-server configurations will also treat "listings" differently, which can also expose more than is desired.

在上面我也假定组包括Web服务器主体，并且所涉及的Web服务器（和/或共享主机）可以用作主要攻击媒介和/或安全漏洞。但是，我再次强调：上面的列表不完整。

In the above I also assume "group" to include the web-server principal and that there is a web-server (and/or shared hosting) involved which can be used as a primary attack vector and/or security vulnerability. However, and I stress this again: the list above is not complete.

虽然没有保证安全性，但使用最特定的权限可以减轻某些漏洞/风险。

While not "guaranteed safety", using the most specific permissions can mitigate some vulnerabilities / exposure.

这篇关于chmod 777如何使服务器容易受到攻击？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！