Is chmod 757 safe?
As I am on a shared host, I want to add an image hosting script, and it seems that with 755 it doesn't allow me to upload images, so I changed the folder to 757. Is it safe to chmod to 757?
In a word, no. In two words, "hell. no!"
Let's interpret 757: that would be
Now, consider someone malicious uploading a short shell script:
Update
Aha, the "folder". Okay, here's the deal: if you don't have the execute bit set on a directory, that blocks searching the directory. The reason the host is asking you to do the world=RWX is that they aren't running the web server as you, so they're taking the simple and dumb route to fix it.
There are two possibilities here:
they have some scheme in place to make sure that the permission of uploaded files in that directory can't have the execute bit set
they don't and haven't gotten burned yet
Here's an article on what better methods are.
On the assumption that your hosts aren't fools, see what happens with 775.
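As an added example (not part of the original answer), this Python sketch decodes a mode such as 757 into owner, group and world permissions, then audits an upload tree for world-writable directories and files that carry an execute bit. The `uploads` directory, the file names and the helper names are constructed for the demonstration.

```python
import os
import stat
import tempfile

CLASSES = ("owner", "group", "world")

def explain_mode(mode):
    """Decode the low nine permission bits, e.g. 0o757 -> owner rwx, group r-x, world rwx."""
    out = {}
    for i, who in enumerate(CLASSES):
        bits = (mode >> (6 - 3 * i)) & 0o7
        out[who] = "".join(c if bits & f else "-" for c, f in (("r", 4), ("w", 2), ("x", 1)))
    return out

def audit_upload_dir(root):
    """Return (world_writable_dirs, executable_files) as sorted paths relative to root."""
    ww_dirs, exec_files = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            ww_dirs.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Only regular files count; any of the three execute bits is flagged.
            if stat.S_ISREG(mode) and mode & 0o111:
                exec_files.append(os.path.relpath(path, root))
    return sorted(ww_dirs), sorted(exec_files)

def clear_exec_bits(root, rel_paths):
    """Remove every execute bit from the listed files, leaving read/write bits alone."""
    for rel in rel_paths:
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~0o111)

def demo():
    """Build a constructed upload tree, audit it, clear execute bits, audit again."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        os.chmod(uploads, 0o757)  # the mode from the question
        for name, mode in (("photo.jpg", 0o644), ("run.sh", 0o755)):
            path = os.path.join(uploads, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        before = audit_upload_dir(root)
        clear_exec_bits(root, before[1])
        return before, audit_upload_dir(root)

if __name__ == "__main__":
    print(explain_mode(0o757))
    print(demo())
```

Clearing execute bits does not stop a web server from interpreting an uploaded script by its extension, so this check complements, rather than replaces, how the server is configured to treat the upload directory.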