Web lists-archives.com

Re: [PHP] File Permissions?





> Date: Wednesday, August 16, 2017 12:43:50 -0400
> From: Tedd Sperling <tedd@xxxxxxxxxxxx>
> 
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson
>> <adamjonr@xxxxxxxxx> wrote:
>> 
>> 755 is typical for directories, but 644 for files.
>> 
> 
> Adam:
> 
> If you set a file to 755, then how does bad guy do bad things with
> it?
> 
> Certainly, with 755 the owner can do anything he wants (read,
> write, execute), but the “group” and “everyone else” can
> only read and execute (5) the file — there is no “write” to
> the file. Without a “write”, then how can a bad guy
> change/upload a file?
> 
> There is something here I am not understanding. Please explain.
> 
> Cheers,
> 
> tedd

The question is not just permissions, but also ownerships. If the
directories/files are owned by the user that the web server runs as
(a disturbingly frequent recommendation) then all bets are off.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php