Why is chmod 777 dangerous in PHP/Apache/Linux?

Barbara Streisand
2024-11-02 20:31:30

Why Chmod 777 Can Be Dangerous in PHP / Apache / Linux

It's frequently emphasized that setting permissions to 777 on directories or files in Linux-based web hosting is unwise. However, the specific vulnerability posed by this permission level in a PHP / Apache context deserves further exploration.

PHP scripts can be executed remotely through the web server and the PHP interpreter regardless of their "executable" status, so the danger of 777 permissions arises in another way. Consider the following scenario:

  1. An unprotected directory allows user uploads.
  2. Users upload a shell script and a PHP file containing a system() call to the shell script.
  3. The PHP script is accessed via a browser URL, triggering the execution of the shell script.

If the directory is set to 777, anyone (including the Apache user, which PHP scripts execute as) can execute the script. If the execute bit were not set on the directory and its contents, step 3 would be ineffective.

It's crucial to note that it's not the PHP file's permissions that matter but rather the system() call within it. This call is executed as a Linux system call by the Apache user, highlighting the critical role of execution permissions in this context.
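The following audit is an added example, not code from the original article: it flags the permission state described in the scenario (world-writable entries and files carrying an execute bit) inside an upload directory, then resets the modes. The function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Print one finding per line for the upload directory given as $1.
audit_uploads() {
    root=$1
    # Directories and files writable by "other": the last 7 in 777.
    find "$root" \( -type d -o -type f \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'
    # Regular files with any execute bit set; uploaded content never needs one.
    find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/EXECUTABLE /'
}

# Number of findings, for use in a cron job or deployment check.
count_findings() {
    audit_uploads "$1" | wc -l | tr -d ' '
}

# Reset modes: directories 755 (x is needed to enter them), files 644.
# Assumes the directory is owned by the account that writes the uploads.
harden_uploads() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Constructed sample tree mirroring the scenario: a 777 directory holding
# an uploaded script with mode 777 and an ordinary 644 file.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/uploads"
    printf '#!/bin/sh\necho hi\n' > "$t/uploads/run.sh"
    : > "$t/uploads/photo.jpg"
    chmod 644 "$t/uploads/photo.jpg"
    chmod 777 "$t/uploads" "$t/uploads/run.sh"
    echo "$t"
}

tree=$(make_sample_tree)
echo "before: $(count_findings "$tree/uploads") finding(s)"
audit_uploads "$tree/uploads"
harden_uploads "$tree/uploads"
echo "after:  $(count_findings "$tree/uploads") finding(s)"
rm -rf "$tree"
```

A non-zero count from `count_findings` on a real upload path means the directory is in the state the scenario relies on.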
