Question about rwxrwxrwx files and/or dirs
JD Austin
jd at twingeckos.com
Wed Aug 8 19:15:58 MST 2012
The mysql socket permissions are normal; I don't know about the other one.
On Wed, Aug 8, 2012 at 7:08 PM, <joe at actionline.com> wrote:
>
> Question about rwxrwxrwx files and/or dirs
>
> Lisa's reply to Keith prompted me to wonder if I perhaps had any rwxrwxrwx
> files or drwxrwxrwx directories on my system that might be a security
> risk. So, while I don't know how to search the entire hard disk for such
> files, I used variants of the following syntax to search for some.
>
> $ ls -ltr */* | fgrep rwxrwxrwx
> srwxrwxrwx 1 joe joe 0 Aug 7 11:35 mysql.socket=
>
> Another similar found this:
> srwxrwxrwx 1 joe joe 0 Aug 7 11:35 tmp/akonadi-joe.nMNQOV/mysql.socket=
>
> Another similar found this: /home/joe/mydata/graphics/psp
> drwxrwxrwx 3 joe 4096 Dec 12 2003 Freebies
>
> Another similar found a whole lot of: lrwxrwxrwx
>
> Do any of these suggest a security risk?
> Is there a better way to search more comprehensively for others?
> What, if anything, could I or should I do to eliminate a risk?
>
>
> ---------------------
> Lisa replied to Keith, in part:
> > Here's more on it:
> > http://wordpress.org/support/topic/advanced-problem-image-upload
> >
> > http://wordpress.org/support/topic/151290
> >
> > Solution:
> >
> > You need to use "chmod 777" for uploads to work.
> >
> > Security Issues:
> >
> > This is a security risk of course, since there are many spider scrapers
> > looking for an open permission directory to be able to write, say a fake
> > Phishing Site page for UPS with an email results script.
> >
> > Solution: (from Wordpress documentation):
> >
> > Base image directory
> >
> > The base image directory must be world writable i.e.: chmod 777
> > Base image URL
> >
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20120808/9eef4c9b/attachment.html>
More information about the PLUG-discuss
mailing list