Is chmod 757 safe?
As I am on a shared host, I want to add an image hosting script, and it seems that with 755 it doesn't allow me to upload images, so I changed the folder to 757. Is it safe to chmod to 757?
In a word, no. In two words, "hell. no!"
Let's interpret 757: that would be
- owner: read write execute
- groups that have permissions on the file: read - execute
- the rest of the freaking world: read write execute
Now, consider someone malicious uploading a short shell script:
```sh
#!/bin/sh --
rm -rf /
```
Update
Aha, the "folder". Okay, here's the deal: if you don't have the execute bit set on a directory, that blocks searching the directory. The reason the host is asking you to do the world=RWX is that they aren't running the web server as you, so they're taking the simple and dumb route to fix it.
There are two possibilities here:
- they have some scheme in place to make sure that the permission of uploaded files in that directory can't have the execute bit set
- they don't and haven't gotten burned yet
Here's an article on what better methods are.
On the assumption that your hosts aren't fools, see what happens with 775.
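As an added example (not part of the original answer), this POSIX shell script decodes a mode such as 757 and audits an upload directory for the two conditions the answer raises: directories writable by "other" and uploaded files carrying an execute bit. The function names are hypothetical and the directory to audit is supplied by the caller.

```shell
#!/bin/sh
# Added example: interpret an octal mode and audit an upload directory.

# Print a three-digit octal mode as owner/group/other rwx triplets.
explain_mode() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "need three octal digits" >&2; return 2 ;; esac
    rest=$1
    out=
    for who in owner group other; do
        digit=${rest%"${rest#?}"}        # first remaining digit
        rest=${rest#?}
        bits=
        for pair in 4:r 2:w 1:x; do      # bit value : letter
            if [ $(( $digit & ${pair%:*} )) -ne 0 ]; then
                bits=$bits${pair#*:}
            else
                bits=$bits-
            fi
        done
        out="$out $who=$bits"
    done
    echo "${out# }"
}

# Succeed (exit 0) when the "other" digit of the mode includes write.
world_writable() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 2 ;; esac
    [ $(( ${1#??} & 2 )) -ne 0 ]
}

# List world-writable directories and files with any execute bit under DIR.
# Returns 0 when clean, 1 when something was found, 2 on a bad argument.
audit_upload_dir() {
    dir=$1
    [ -d "$dir" ] || return 2
    findings=$(
        find "$dir" -type d -perm -0002 \
            -exec printf 'world-writable dir: %s\n' {} \;
        find "$dir" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'executable file: %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Running `audit_upload_dir` from cron against the upload folder gives an early signal when an uploaded file ends up with an execute bit set.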