CHMOD 和我的服务器上目录的安全性
我的服务器上有一个文件夹,我已将其权限更改为 777(读取、写入和执行全部),以允许用户上传他们的图片。
所以我想知道,这其中涉及到哪些安全风险?
我已经实现了代码来限制可以上传的文件格式,但是如果有人找到目录的位置会发生什么,这会对我的服务器构成威胁吗?
他们可以开始上传他们想要的任何文件吗?
谢谢。
I have a folder on my server on which I have changed the permissions to 777 (read, write and execute all) to allow users to upload their pictures.
So I want to know, what are the security risks involved in this?
I have implemented code to restrict what file formats can be uploaded, but what would happen if someone was to find the location of the directory, can this pose any threat to my server?
Can they start uploading any files they desire?
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
如果不出意外,我将删除所有用户的可执行权限(如果不是所有者和组)。 启用此功能后,某人可以上传看起来像图片但实际上是可执行文件的文件,这可能会造成无休止的损坏。
可能还删除所有用户的读写权限,并将其限制为仅所有者和组,除非您需要匿名访问。
If nothing else, I would remove the executable permissions for all users (if not owner and group as well). With this enabled, someone could upload a file that looks like a picture but is really an executable, which might cause no end of damage.
Possibly remove the read and write permissions for all users as well and restrict it to just owner and group, unless you need anonymous access.
您不希望可执行位打开。 就 *nix 而言,可执行位意味着您可以实际运行该文件。 例如,php 脚本可以以 JPEG 类型上传,然后如果有人知道位置并且它位于 Web 目录中,则可以运行该脚本。
You do not want the executable bit on. As far as *nix goes, the executable bit means you can actually run the file. So, for example, php scripts can be uploaded as type JPEG, and then someone can run that script if they know the location and it's within the web directory.
当用户通过 Web 表单和一些 PHP 脚本将文件上传到您的服务器时,服务器上的磁盘访问将通过 Web 服务器运行时使用的用户 ID 进行(通常为无人、www-data、apache、_httpd 甚至 root)。
请注意,无论哪个用户上传文件,都会使用此单个用户 ID。
只要没有本地用户通过其他方式(例如
ssh)访问系统,将上传目录权限设置为0777不会有太大区别 - - 除了有人利用系统中其他地方的安全漏洞之外,这些权限并不适用于任何人,这样的攻击者可能只会使用/tmp。只对实际需要的文件或目录设置权限始终是一个好的做法。 在这种情况下,这可能意味着:
我假设除了 Web 服务器之外的其他本地用户也希望访问这些文件,例如系统管理员或 Web 设计师。 将这些用户添加到您的 Web 服务器运行所在的组中,他们不需要
sudo或 root 权限即可访问该目录。 此外,+s表示upload/中的新文件和目录将自动归同一组所有。至于你的最后一个问题:仅仅因为攻击者知道目录在哪里,并不意味着他可以神奇地使文件出现在那里。 仍然必须有某种正在运行的服务来接受文件并将它们存储在那里......所以不,将权限设置为
0777并不会直接降低其安全性。尽管如此,在整个设置中,还有几个“安全”和“安全”方面的问题无法通过文件权限来解决:
...可能还有更多。 您可能已经在上传脚本中解决了其中一些问题,但话又说回来,在学习安全问题时,通常在一开始就需要了解 unix 文件权限及其应用范围,这表明您可能还没有准备好解决所有问题可能出现的问题。
让某人查看您的代码!
When users are uploading files to your server through a web form and some PHP script, the disk access on the server happens with the user id the web server is running under (usually nobody, www-data, apache, _httpd or even root).
Note here, that this single user id is used, regardless of which user uploads the file.
As long as there are no local users accessing the system by other means (
ssh, for example), setting the upload directories permissions to0777would make not much of a difference -- appart from somebody exploiting a security vulnerability somewhere else in your system there's no one those permissions apply to anyway, and such an attacker would probably just use/tmp.It is always good practice to set only those permissions on a file or directory that are actually needed. In this case that means probably something like:
I'm assuming that other local users besides the web server will want to access those files, like the sysadmin or a web designer. Add those users to the group your web server runs under and they don't need
sudoor root privileges to access that directory. Also, the+smeans that new files and directories inupload/will automatically be owned by the same group.As to your last question: just because an attacker knows where the directory is, doesn't mean he can magically make files appear there. There still has to be some sort of service running that accepts files and stores them there... so no, setting the permissions to
0777doesn't directly make it any less safe.Still, there are several more dimensions to "safety" and "security" that you cannot address with file permissions in this whole setup:
...and there are probably more. Some of those problems you may have addressed in your upload script, but then again, understanding of unix file permissions and where they apply comes usually waaaay at the beginning when learning about security issues, which shows that you are probably not ready yet to tackle all of the possible problems.
Have your code looked at by somebody!
这些用户通过什么方式上传他们的照片? 如果是通过网络进行的,那么您只需授予网络服务器或 CGI 脚本用户对该文件夹的访问权限。
这里最大的危险是用户可以覆盖其他用户的文件,或者删除其他用户的文件。 无法访问此文件夹的任何人都无法写入该文件夹(除非您有某种来宾/匿名用户)。
如果您需要一个每个人都可以在其中创建文件的目录,那么您想要的就是模仿 /tmp 目录的权限。
$ chown root:根目录; chmod 777 目录; chmod +t 目录;
这样任何用户都可以创建文件,但不能删除其他用户拥有的文件。
与其他人所说的相反,unix 系统中目录上的可执行位意味着您可以将该目录设为当前目录(cd 到它)。 与执行无关(执行目录是没有意义的)。 如果删除可执行位,则没有人能够“cd”到它。
By what means are these users uploading their pictures? If it's over the web, then you only need to give the web server or the CGI script user access to the folder.
The biggest danger here is that users can overwrite other users files, or delete other users files. Nobody without access to this folder will be able to write to it (unless you have some kind of guest/anonymous user).
If you need a directory that everyone can create files in, what you want is to mimic the permissions of the /tmp directory.
$ chown root:root dir; chmod 777 dir; chmod +t dir;
This way any user can create a file, but they cannot delete files owned by other users.
Contrary to what others have said, the executable bit on a directory in unix systems means you can make that directory your current directory (cd to it). It has nothing to do with executing (execution of a directory is meaningless). If you remove the executable bit, nobody will be able to 'cd' to it.