"Philippe Lemmerling" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> I have a question concerning security of my file upload script. I'm using
> the php upload routines (move_uploaded_file,...) and variables ($_FILES) to
> upload images to a webdirectory. Everything works fine, meaning that I can
> upload images BUT only if I change the permission of the directory to which
> the uploaded images are moved to 777. I guess that this is not such a good
> thing from security point of view. So here are some questions I have:
Yeah, pretty sure about that 777-thingie.

> 1) is this really that dangerous? How could this be exploited by an
> attacker?
I am unsure about it, as I'm no attacker of any system.
But from my background I can say that wherever public write
permissions are set, any (tricky) attacker will find a way in.

> 2)using chmod in my php script (to switch back and forth between 700 and
> 777) is not an option since I'm on a virtual host and PHP is in safe mode
Are you really sure about the privileges set to 777?
Think of the following: My server does run under account
User websrv
Group webusers
So the PHP script will be running under the same user account, using it while
doing all the chown,chmod,move_uploaded_file... things.
But if the upload directory /www/uploads/ is created by root,
the websrv user will have no write privilege to that directory.

Another thing to keep in mind is the umask. If you chmod to 777, it might be
755 only, due to a umask value of 022. So always keep an eye on that.

Try looking up the ini-setting about upload-directory defined by the ISP
(for you it should be the local value rather than a global)

> 3)creating a directory which is not reachable by webbrowser does not seem to
> be possible either since outside my webdirectory; everything is root-owned
> and obviously only my ISP has root permission ;-)
You are able to do so, but not outside your chroot/docroot!
Simply create the directory within the chroot you are able to and create an
.htaccess disallowing all users from remote systems to change into or request
files from inside (look up some resource about .htaccess files). Should be
something like the following (surrounded by <Directory
"/your/path/to/upload/dir"></Directory> I guess):
Order Deny,Allow
Deny from all
Allow from localhost

--
 Dennis Sterzenbach
 www.darknoise.de
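
An upload handler along the lines discussed in this thread, as an added example that is not part of either poster's message: it checks the upload, stores it under a server-generated name, and sets modes explicitly so the directory never needs 777. Assumptions: PHP 7 or later without safe mode, a hypothetical form field named image, and an uploads directory beside the script owned by the web server account.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR and the form field
// name "image" are assumptions; adjust both for your own site.
const UPLOAD_DIR = __DIR__ . '/uploads';
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_uploaded_image(array $file): string
{
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or malformed request');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('file too large or not an HTTP upload');
    }
    // Decide the type from the file content, never from the client-supplied
    // name or $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image type');
    }
    // Owner (the web server account) rwx, group r-x, nothing for others.
    // mkdir()'s mode is filtered by the umask, so set it explicitly afterwards.
    if (!is_dir(UPLOAD_DIR)) {
        if (!mkdir(UPLOAD_DIR, 0750, true)) {
            throw new RuntimeException('cannot create upload directory');
        }
        chmod(UPLOAD_DIR, 0750);
    }
    // Server-generated name with an extension taken from the allow-list.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move upload into place');
    }
    chmod($target, 0640); // readable by the server, not writable or executable
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['image'])) {
    try {
        $path = store_uploaded_image($_FILES['image']);
        echo 'stored as ', htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', htmlspecialchars($e->getMessage());
    }
}
```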
