即使 CHMOD 为 555,PHP 仍可写入文件?
我有一个新服务器,当使用我的 php 脚本时,我能够写入文件并检测它们是否可写,即使 CHMOD 将它们设置为 555 或 755。 是否有 apache 模块或 php.ini 正在执行此操作可能的?这是安全问题吗?
I've got a new server and when using my php script, I'm able to write files and detect them as being writable even though CHMOD has them as 555 or 755. Is there an apache module or php.ini that is making this possible? Is this a security problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您的服务器/卷使用什么文件系统?
某些文件系统使用不同的权限方案,例如除了 Unix 权限之外或代替 Unix 权限,还使用访问控制列表。例如,您可能正在使用使用 ACL 的 AFS 或 OpenAFS(Andrew 文件系统),在这种情况下,您必须输入完全不同的命令来更改访问权限。询问您的网络管理员;他们应该能够回答这个问题。或者你可以尝试跑步,
看看会带来什么。
What filesystem is your server/volume using?
Some filesystems use different permission schemes, like Access Control Lists in addition to or instead of Unix permissions. For example, you might be using AFS or OpenAFS (Andrew File System) which uses ACL's, in which case you'd have to enter a completely different command to change access. Ask your network administrator; they should be able to answer that. Or you can try running
to see what that gives you.
您可能想在此处阅读有关文件权限的信息:
http://www.zzee.com/ Solutions/unix-permissions.shtml
这应该可以让您了解正在发生的事情。
它不一定是安全漏洞,文件权限是服务器端的,但如果人们可以上传文件,理论上他们可以通过某种方式在您的服务器上运行自己的代码来造成伤害......
You might want to read up on file permissions here:
http://www.zzee.com/solutions/unix-permissions.shtml
That should give you a clue about whats going on.
It doesn't have to be a security hole, file permissions are server side, but if people can upload files they can theoretically, potentially inflict harm by somehow getting their own code running on your server....