"Philippe Lemmerling" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I have a question concerning security of my file upload script. I'm using
> the php upload routines (move_uploaded_file,...) and variables ($_FILES) to
> upload images to a webdirectory. Everything works fine, meaning that I can
> upload images BUT only if I change the permission of the directory to which
> the uploaded images are moved to 777. I guess that this is not such a good
> thing from security point of view. So here are some questions I have:

Yeah, pretty sure about that 777-thingie.

> 1) is this really that dangerous? How could this be exploited by an
> attacker?

Am unsure about it, as I'm no attacker of any system. But from my background I can say that wherever public write permissions are set, any (tricky) attacker will find a way in.

> 2)using chmod in my php script (to switch back and forth between 700 and
> 777) is not an option since I'm on a virtual host and PHP is in safe mode

Are you really sure about the privileges set to 777? Think of the following:
My server does run under account

    User websrv
    Group webusers

So the PHP script will be running under the same user account, using it while doing all the chown,chmod,move_uploaded_file... things. But if the upload directory /www/uploads/ is created by root, the websrv user will have no write privilege to that directory.

Another thing to keep in mind is the umask. If you chmod to 777, it might be 755 only, due to an umask value of 022. So always keep an eye on that.

Try looking up the ini-setting about upload-directory defined by the ISP (for you it should be the local value rather than a global)

> 3)creating a directory which is not reachable by webbrowser does not seem to
> be possible either since outside my webdirectory; everything is root-owned
> and obviously only my ISP has root permission ;-)

You are able to do so, but not outside your chroot/docroot! Simply create the directory within the chroot you are able to and create an .htaccess disallowing all users from remote systems to change into or request files from inside (look up some resource about .htaccess files). Should be something like the following (surrounded by <Directory "/your/path/to/upload/dir"></Directory> I guess):

    Order Deny,Allow
    Deny from all
    Allow from localhost

--
Dennis Sterzenbach
www.darknoise.de

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
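
Added example, not part of the original thread: a POSIX shell check for two points raised above, how the umask narrows the mode of a newly created directory and whether an upload directory is writable by accounts other than its owner. The function names and the temporary paths are constructed for the example.

```shell
#!/bin/sh
# Added example; function names and temp paths are constructed.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create directory $2 under umask $1 and print the mode it ends up with.
# mkdir asks for 0777; the kernel clears every bit that is set in the umask.
mkdir_mode_under_umask() {
    ( umask "$1" && mkdir "$2" && mode_of "$2" )
}

# Classify a directory by who may create or replace files in it.
audit_upload_dir() {
    m=$(mode_of "$1") || return 2
    other=$(( $m % 10 ))
    group=$(( $m / 10 % 10 ))
    if [ $(( other & 2 )) -ne 0 ]; then
        echo "world-writable"      # every local account can write here
    elif [ $(( group & 2 )) -ne 0 ]; then
        echo "group-writable"      # e.g. a group shared with the web server user
    else
        echo "owner-only"          # the web server user must own it to upload
    fi
}

demo() {
    base=$(mktemp -d) || return 1
    echo "umask 022 -> mkdir gives $(mkdir_mode_under_umask 022 "$base/uploads")"
    echo "umask 077 -> mkdir gives $(mkdir_mode_under_umask 077 "$base/private")"
    chmod 777 "$base/uploads"
    echo "uploads after chmod 777: $(audit_upload_dir "$base/uploads")"
    echo "private: $(audit_upload_dir "$base/private")"
    rm -rf "$base"
}

demo
```

Running `audit_upload_dir` against the real upload path on a shared host shows whether the directory depends on the "other" write bit, which is the setting the original question is worried about.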

