Visit The New, Modern Unix Linux Community


privileges


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers privileges
# 1  
privileges

I have a website that I am working on and one of the pages allows people to upload pictures to be used on other pages. My question is: is it safe to set the privileges to 777 on the folder that the pictures are saved in? Or would that open up my site to be hacked, bugged, wormed...and everything else that "creative coders" can come up with.

~Josh
# 2  
Someone could easily misuse the directory permissions. A better solution would be change the picture directory permissions to 722. This allows users to add pictures to the picture directory while preventing a bunch of malicious attacks.

I can think of some already...

1) Someone uses the upload feature on your website to upload a malicious script to the server. They then enter some shell escape sequences followed by a command to execute the file in the same picture upload feature.

2) Some uses shell escape sequences to view directories, processes, open source files, view payrolls, and other files that don't have properly set permissions.

3) Someone uses shell escape sequences then execute rm -f * in the picture directory.

If your script filters out shell escape sequences and don't allow users to have execute permissions then alot of these attacks are preventable, but there's still more.

Just a few words of advice. Smilie
 

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #769
Difficulty: Medium
Intel Core i7 (2008) has an 8 MB on-die unified L3 cache that is inclusive, shared by all cores.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

X11 privileges

Hi What privileges I need to install X11? Or, in other words, can I install X11 without root privileges? The only user that installed X11 will use it. If it depends on OS version, here is the list of operating systems: Linux Red Hat Enterprise AS/ES 4.0/4.5/5 ... (1 Reply)
Discussion started by: lleontiev
1 Replies

2. Shell Programming and Scripting

Privileges like root

My English is no very good. I must make a bash scripting sh create like a backdoor, and when execute the script a user without privileges convert in super user or root, whithout introducing the password. In Spanish: Crear un script que sirva como puerta trasera al sistema, de manera que al... (1 Reply)
Discussion started by: kitievbr
1 Replies

3. Programming

Grant privileges in Oracle

i have installed oracle 10g and two databases. i enter database1 as sysdba and create a user called user1.i give the privileges as "select on" to user1. i enter sqlplus from the shell prompt. i enter as user1. but when i do "select * from emp" i have a "the table doesn't exist". how can i give... (3 Replies)
Discussion started by: symeje
3 Replies

4. Web Development

no privileges in phpMyAdmin

Salamo Alikom i had install MySQL 5.1.33 binary version for FreeBSD ,when i logging to phpMyAdmin as root i see no privilege to create database ,how can i solve this problem ? (1 Reply)
Discussion started by: SIFE
1 Replies

5. AIX

copy a fs with the same privileges

Hi All, I use "cp -R /fs/* /newfs" and I can copy everything except it won't have the files/directories the same privileges. Is there a trick to this without using a software-backup. Thanks in advance, itik (3 Replies)
Discussion started by: itik
3 Replies

6. UNIX for Dummies Questions & Answers

root privileges

Hello, As admin with root rights, to execute any command from another user without password-ask, I do : su - <user> -c "<cmd>" But how can I do to give the same rights to another physical user without using root user ? :confused: I've try to create another user "toor" with the same primary... (4 Replies)
Discussion started by: madmat
4 Replies

7. UNIX for Dummies Questions & Answers

ACL vs privileges

Hello genius..! what do y'all think of these questions...? help appreciated...! Access Control Lists and privileges.... # Why both file ACLs and user permissions/privileges (not to be confused with rights in ACLs) are used in Windows access control (why not just use one of these)? # In... (1 Reply)
Discussion started by: heroine
1 Replies

8. UNIX for Dummies Questions & Answers

Regular account but with more privileges

I have 3 simple and regular accounts the privileges are ordinary They can't execute or write to differed account but can read from each other I will like to turn one of the accounts to be able to copy files to other account But not able to delete any file in other account only copy files ... (2 Replies)
Discussion started by: umen
2 Replies

9. Programming

root privileges

Hi I have make a program that needs root privleges but any user can try to run it, so what I want it is, when any user tries( other than root ) to run the program, an input prompt would open to enter root password ( if user knows ) and program will run ( otherwise exit ), and after completing... (21 Replies)
Discussion started by: sumsin
21 Replies

10. UNIX for Advanced & Expert Users

User Privileges

I have used several Linux Flavors and now I need to know something. I have the ROOT user and then I have my personal user. What I need to do is for my normal user to be able to write files to directories where appearntly, only the root user has privileges. For example, to write files to... (1 Reply)
Discussion started by: gdboling
1 Replies

Featured Tech Videos