Question about rwxrwxrwx files and/or dirs

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: joe@actionline.com
Date:  
To: Main PLUG discussion list
Old-Topics: Re: Making Dir writable by WordPress
Subject: Question about rwxrwxrwx files and/or dirs

Question about rwxrwxrwx files and/or dirs

Lisa's reply to Keith prompted me to wonder if I perhaps had any rwxrwxrwx
files or drwxrwxrwx directories on my system that might be a security
risk. So, while I don't know how to search the entire hard disk for such
files, I used variants of the following syntax to search for some.

$ ls -ltr */* | fgrep rwxrwxrwx
srwxrwxrwx 1 joe joe 0 Aug 7 11:35 mysql.socket=

Another similar found this:
srwxrwxrwx 1 joe joe 0 Aug 7 11:35 tmp/akonadi-joe.nMNQOV/mysql.socket=

Another similar found this: /home/joe/mydata/graphics/psp
drwxrwxrwx 3 joe    4096 Dec 12  2003 Freebies


Another similar found a whole lot of: lrwxrwxrwx

Do any of these suggest a security risk?
Is there a better way to search more comprehensively for others?
What, if anything, could I or should I do to eliminate a risk?


---------------------
Lisa replied to Keith, in part:
> Here's more on it:
> http://wordpress.org/support/topic/advanced-problem-image-upload
>
> http://wordpress.org/support/topic/151290
>
> Solution:
>
> You need to use "chmod 777" for uploads to work.
>
> Security Issues:
>
> This is a security risk of course, since there are many spider scrapers
> looking for an open permission directory to be able to write, say a fake
> Phishing Site page for UPS with an email results script.
>
> Solution: (from Wordpress documentation):
>
> Base image directory
>
> The base image directory must be world writable i.e.: chmod 777
> Base image URL
>



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss