On 1 Feb, 15:42, Tom Boutell <[email protected]> wrote:
> > Having write permission on the directory allows deleting a file from
> > it, not overwriting it; if the .htaccess file is 444, it's impossible
> > to overwrite it with an uploaded file.
>
> This is incorrect. I'm not nitpicking here, I honestly wasn't sure
> myself and had to test it:
>
> boutell# su
> Password:
> [r...@boutell foo]# pwd
> /tmp/foo
> [r...@boutell foo]# touch bar
> [r...@boutell foo]# chmod 444 bar
> [r...@boutell foo]# ls -l bar
> -r--r--r--  1 root root 0 Feb  1 08:38 bar
> [r...@boutell foo]# ls -ld .
> drwxrwxrwx  2 boutell users 4096 Feb  1 08:38 .
> [r...@boutell foo]# su - bryan
> [br...@boutell ~]$ cd /tmp/foo
> [br...@boutell foo]$ rm bar
> rm: remove write-protected regular empty file `bar'? y
> [br...@boutell foo]$ ls -l
> total 0
>
> > However, I also think Symfony is too loose on permissions to be
> > deployed in production as is (I'm not even talking about ini_set and
> > memory_limit calls...).
>
> 777 is fine in a VM hosting environment ("this is a Linux virtual
> machine in which you have root, there are no other clients able to see
> any of your files ever, and your web site is the only thing running").
> And at current prices it doesn't make any sense to deploy in less than
> a VM environment.
>


Sorry, you haven't read my post well: I never said you can't delete
it, I said you can't overwrite it ;)
Your demonstration shows an rm, not an echo "pouet" > bar.

The point is: deletion is impossible without running a script, and a
script can't be run without overwriting the .htaccess, if the
security is held in it. Fabien was right here. The thing is, it only
protects Apache. I think Symfony should minimize its dependency on
Apache.

Moreover, a VM can't be an argument for developing incorrectly (in terms
of security): a VM may "protect" a 777 file or dir against
shared-hosted clients, but it does not protect at all against intrusion
into the system (via a PHP script or an exploit on another part of the
server (SSH, mail server, whatever)). An intruder can then corrupt the
cache, or delete any file in the upload dir from any local user in the
system (not only root) who can access the symfony root. You may rely
on permissions of the parent directories; I don't.

Regards,
Florian MAURY
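
The distinction argued in this thread, as an added example that is not part of either poster's message: it runs the in-place overwrite, a replace via rename(), and a delete against a 0444 file in a writable directory and records which permission governs each. The file name, contents and scratch directory are constructed; the demo uses one user and an owner-writable directory, whereas a 777 directory gives the same directory rights to every local user.

```python
import os
import tempfile


def demo_readonly_file_in_writable_dir():
    """Return what each operation does to a 0444 file inside a writable directory."""
    result = {"running_as_root": os.geteuid() == 0}
    # Constructed scratch directory, writable by its owner (mkdtemp default 0700).
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, ".htaccess")     # constructed sample file
        with open(target, "w") as f:
            f.write("deny from all\n")
        os.chmod(target, 0o444)

        # 1. In-place overwrite (the `echo "pouet" > bar` case): governed by the
        #    file's own mode, so it fails with EACCES for a non-root user.
        try:
            with open(target, "w") as f:
                f.write("pouet\n")
            result["in_place_blocked"] = False
        except PermissionError:
            result["in_place_blocked"] = True

        # 2. Replace via rename(): governed by the directory's mode only,
        #    the 0444 mode of the existing file is never consulted.
        tmp = os.path.join(d, "upload.tmp")
        with open(tmp, "w") as f:
            f.write("pouet\n")
        os.replace(tmp, target)
        with open(target) as f:
            result["content_after_rename"] = f.read()

        # 3. Delete (the `rm bar` case): also governed by the directory's mode.
        os.unlink(target)
        result["exists_after_unlink"] = os.path.exists(target)
    return result


if __name__ == "__main__":
    for key, value in demo_readonly_file_in_writable_dir().items():
        print(f"{key}: {value}")
```

On a directory with the sticky bit set (as on /tmp), unlink and rename are further restricted to the owner of the file or of the directory.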

