How will a server become vulnerable with chmod 777?

Question

I often read articles saying something along the lines of

chmod 777 is bad!

I was wondering:

How do I become vulnerable

Answer 1

If the attacker only has access to the web interface (not to the files, say, via another account on the same shared hosting) then mode 777 doesn't directly open any vulnerabilities. What it does is make it easier for the attacker to change things on the site once they get in some other way.

For instance, suppose you have a WordPress site and there's a bug somewhere that allows the attacker to execute arbitrary PHP code under the credentials of the server daemon (this has happened many times in the past and will no doubt happen again in the future). The code for WordPress itself is stored in .php files that the server daemon can read. If those files are mode 777 then the attacker can write to them - which means they can modify the code - changing what your site does. Perhaps they install a "drive by exploit" kit and now everyone who visits your site gets their browser hacked. Perhaps they install a SEO spam kit and now Google thinks you're selling Viagra (but if you visit the site directly it's invisible -- yes, this really happens).

If the .php files are mode 755, and owned by a user who isn't the server daemon, then the attacker can't permanently change what the site does.

Note that this means WordPress's self-upgrade-from-the-admin-panel feature is risky, since it only works if WordPress can modify itself -- you can't have that and also have the adversary unable to modify files once they can execute arbitrary PHP.

Note also that you're only 100% safe in this regard if there are no files and no directories that the server daemon can modify. Even just allowing file upload to a single directory can still be a problem - even if the only thing you let anyone put in there is image files. (If that seems impossible, have a look at http://lcamtuf.coredump.cx/squirrel/.)