chmod 777 on apache working dir?

Is it hazardous to chmod 777 apache's working dir? Let's assume noone but me
has access to the machine both physically and over the LAN. The machine is
just runnig http and ssh services.

thanks!

> Is it hazardous to chmod 777 apache's working dir? Let's assume noone
> but me has access to the machine both physically and over the LAN. The
> machine is just runnig http and ssh services.

Yes, of course it's hazardous!

Imagine a CGI script runs (as nobody) but some simple bug in it allows an
anonymous person over HTTP to reference a file anywhere in the filesystem.

That's just one example. Lots of other possibilities, let's say some kind
of script goes awry and tries to delete files from the wrong tree
hierarchy. This would normally fail but in the mode 777 case can wreak
total havoc.

Mark Becker wrote:

> Is it hazardous to chmod 777 apache's working dir? Let's assume noone but me
> has access to the machine both physically and over the LAN. The machine is
> just runnig http and ssh services.

"It depends". Access over the LAN includes Apache itself, which may be
leveragable with permission 777 to install other delightful tidbits. It
also includes whatever other holes get discovered between now and then.

For plain published HTML directories, it's not unusual. But in that
case, why do you care about the permissions? Set them to group "apache"
with the group sticky bit to preserve group ownership, and let the
"apache" user whom most Apache setups access them.

*DO NOT* make the cgi-bin or other bin directories this open, just in
case....