在PHP /阿帕奇/ Linux的背景下,为什么恰恰是搭配chmod 777危险? [英] In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?
问题描述
href=\"http://stackoverflow.com/questions/2336573/php-protecting-site-from-folders-with-777-permissions/2336597#2336597\">this问题 ,也许一个愚蠢的问题。
Inspired by the discussion in this question, a maybe stupid question.
我们都被教导说离开的目录或文件与的权限级别托管的基于Linux的网络 777 是一件坏事,并设置总是尽可能少的权限作为必要的。
We have all been taught that leaving directories or files on Linux-based web hosting with the permission level of 777 is a bad thing, and to set always as little permissions as necessary.
我现在好奇的是,在这里的究竟的在于剥削的危险,特别是在一个PHP / Apache的环境。
I am now curious as to where exactly lies the danger of exploitation, specifically in a PHP / Apache context.
毕竟,PHP脚本文件可以从外部(即通过向Web服务器呼叫,并随后向帧间preTER)执行不管它是否被标记为可执行,不能它?这同样适用于通过命令行名为 PHP 间preTER文件,对不对?
After all, a PHP script file can be executed from the outside (i.e. through a call to the web server, and subsequently to the interpreter) no matter whether it is marked as "executable", can't it? And the same applies to files called through the command-line php interpreter, right?
那么究竟哪里是用漏洞777 ?难道在同一台机器上的其他用户可以访问由世界可写文件的事实?
So where exactly is the vulnerability with 777? Is it the fact that other users on the same machine can access files that are made world writable?
推荐答案
这里有一个场景:
- 您有一个用户可以上传,未受保护的目录
- 他们上传两个文件:一个shell脚本,并且有一个
的PHP文件系统()呼叫它的shell脚本 。 - 他们进入,他们只是通过访问URL在他们的浏览器,导致shell脚本来执行上传的PHP脚本。
- You have an unprotected directory that users can upload to.
- They upload two files: a shell script, and a php file that has a
system()call in it to the shell script. - they access the php script they just uploaded by visiting the url in their browser, causing the shell script to execute.
如果这个目录是777,这意味着,任何人(包括用户阿帕奇,这是PHP脚本会执行)可以执行它!如果执行位未在该目录和$ P $设置目录内psumably的文件,那么上面步骤3将什么都不做。
If this directory is 777, that means that anybody (including the user apache, which is what php script will execute as) can execute it! If the execute bit is not set on that directory and presumably the files inside the directory, then step 3 above would do nothing.
从注释编辑:这不是PHP文件的权限问题,它是在系统(),将通过Linux系统调用来执行PHP文件中调用Linux的用户阿帕奇(或任何你的Apache设置为运行),这是preCISELY在那里执行位的问题。
edit from the comments: it's not the PHP file's permissions that matter, it's the system() call inside the PHP file that will be executed as a linux system call by the linux user apache (or whatever you have apache set to run as), and that is PRECISELY where the execution bit matters.
这篇关于在PHP /阿帕奇/ Linux的背景下,为什么恰恰是搭配chmod 777危险?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
