I've had a hard time figuring out the best way to handle this issue ... I once set an upload folder to 777 only to have a hacker set up a bank phishing page in the directory.
The functionality I'm looking for is the ability to allow a user to upload an image via an HTML form <input type="file"> and then have the image displayed on certain public and private web pages. All of this without a security loophole.
WHAT I'VE GOT
I've got the form working fine.
I've got the PHP script working fine.
The upload is successful (when the directory is set at 777 or PHP owns the folder).
The image appears where I want it.
WHAT I TRIED
After the phishing expedition I took the 777 away and made it 755, but the PHP script wouldn't write to the directory. I discovered that this happens because the PHP script doesn't run under my website's uid but under its own. So I deleted the upload folder and had the script create the folder so that the folder would have the PHP uid as its creator. This solved the problem, but then I read up on phpsuexec and got the impression that it's possible for another PHP script on the server to "dive into" that folder and do what it wants, since the uid PHP is using is "nobody".
- Is it true that on a shared webserver using the PHP/Apache Module environment that a PHP script in a different home directory could actually get into my home directory if my files or directories are set to the PHP uid?
- Does anyone have a secure upload model that would work in a PHP/Apache Module environment?
- Does anybody know if there's a method to change the PHP script uid to the website's uid?
Thanks in advance for your help!
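
The situation described in this post (a 777 upload folder, or one writable by a shared PHP uid, that ends up holding a planted page) can be checked for from the shell. This is an added example, not part of the original post: the function names and finding labels are invented for illustration, and it assumes the folder should only ever contain JPEG, PNG or GIF files.

```shell
#!/bin/sh
# Added example: audit an image upload directory (names are illustrative).

# First 4 bytes of a file as lowercase hex, no separators.
magic_hex() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Succeeds only if the file starts with a JPEG, PNG or GIF signature.
is_image() {
    case "$(magic_hex "$1")" in
        ffd8ff*|89504e47|47494638) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_upload_dir DIR: print one finding per line, return 1 if any.
# Assumption: the directory should hold nothing but uploaded images.
audit_upload_dir() {
    dir=$1
    report=$(
        # Mode 777-style directory: every local uid, including a shared
        # "nobody" web-server account, can create files in it.
        if [ -n "$(find "$dir" -maxdepth 0 -perm -0002)" ]; then
            echo "WORLD_WRITABLE_DIR $dir"
        fi
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] || continue
            name=$(basename "$f" | tr 'A-Z' 'a-z')
            case "$name" in
                *.jpg|*.jpeg|*.png|*.gif) ;;
                *) echo "BAD_EXTENSION $f" ;;   # e.g. a planted .html/.php
            esac
            # Extension alone proves nothing; check the content too.
            is_image "$f" || echo "NOT_IMAGE_CONTENT $f"
        done
        :
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/uploads
[ "$#" -eq 0 ] || audit_upload_dir "$1"
```

Run from cron against the upload folder, a non-zero exit status is the signal that something other than an image has appeared there or that the directory mode has drifted back to world-writable.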