tags:

views:

39

answers:

1
Q: 

Security test for writing to remote directory

Short question: how can I test whether or not a directory in my website is in practice writable for the rest of the world (even outside my own machine)?

Context:

I run this website where the hosting provider has implemented an odd security system. To let PHP write files to disk on the (linux) server, the target dir should have write permissions for everyone.

To me this would seem like a gaping security hole (note there are no users uploading stuff, only my PHP script generating files), but my host told me its safe, as they've got other (unspecified) security measures in place to keep the world from accessing my target directory. I'm skeptical, so I want to make sure all is safe.

So, I know my directory permissions -- I have set them and tested them. I know my script can write to that directory. Now I want to make sure I really am the only one who can write to that dir, despite having given everyone file permissions to do so.

For example: is there a PHP function to write to a remote directory, like fopen('http://domain.tld/foo/evil-hack.php', 'w')? I have tested that and it doesn't work, but that doesn't prove to me that somebody else won't find another way.

A: 

The php function CHMOD is your answer:

http://php.net/manual/en/function.chmod.php

addition and fileperms(); should help you too.

Ben Fransen  2009-11-23 10:38:48
I know how to test it from the server itself. I want to know how I can test writing to that target directory from another machine (or another user on the same shared host) to make sure that despite giving everyone permission to write, my script actually really is the only one that _can_ write to it, as my host asserts.
avdgaag  2009-11-23 10:43:25
Ah I understand what you're trying to achieve. I'm gonna be in the same situation soon because I'm developing a webapplication for multiple users (read: different clients, with different databases). I *think* that when you try to write to a directory which is not a part of your hostingenvironment you can't write to that directory because you're locked in your homedirectory. And maybe apache 'starts' another user for processing the request for two different hostingaccounts. Though this is only a wild guess, as I mentioned, I'm about to face the same situation in a few weeks ;)
Ben Fransen  2009-11-23 12:35:56

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi