Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [wp-hackers] Backup, wp-content

  • To: wp-hackers@xxxxxxxxxxxxxxxxxxxx
  • Subject: Re: [wp-hackers] Backup, wp-content
  • From: Roy Schestowitz <r@xxxxxxxxxxxxxxx>
  • Date: Tue, 20 Dec 2005 02:15:11 +0000
  • Delivery-date: Tue, 20 Dec 2005 02:15:13 +0000
  • Envelope-to: s@schestowitz.com
  • In-reply-to: <43A7607F.1070705@skippy.net>
  • References: <43A7607F.1070705@skippy.net>
  • User-agent: Internet Messaging Program (IMP) H3 (4.0.3)
_____/ On Tue 20 Dec 2005 01:38:07 GMT, [Scott Merrill] wrote : \_____

I alerted the Forum crew that the wp-db-backup plugin bundled with the
forthcoming WordPress 2.0 requires that /wp-content/ be writable.  The
reason it requires write access is to create a non-obvious backup
directory in which to store the temporary file(s) (it appends the last
five characters of the md5 hash of the password in wp-config.php).

I opened a ticket about this:
  http://trac.wordpress.org/ticket/1934
which Matt closed.  I'm less than thrilled, but ultimately don't care
enough to push further.

A few forum folks were taken aback by the requirement for /wp-content/
to be writable:
http://comox.textdrive.com/pipermail/wp-forums/2005-December/001027.html
http://comox.textdrive.com/pipermail/wp-forums/2005-December/001029.html

This goes against the recommended file permissions defined in the
"Hardening WordPress" Codex guide (disclaimer: I wrote the recommended
file permissions for that page):
  http://codex.wordpress.org/Hardening_WordPress#File_permissions

I understand why this change was made, and I don't necessarily disagree
with it.  But it does substantially complicate support without providing
significantly improved security.  The current mechanism is still
susceptible to brute-force attacks to determine the specific characters
that make up the suffix for the backup directory.

I think one way to ease support, while simultaneously protecting the
backup directory, would be to stick an empty index.php inside the
/backup/ directory, and drop the use of the suffix.

I asked in #wordpress whether this is something I should bring to the
hackers list, to elicit more participation in the discussion, so here I am.

Do you all find it acceptable to require all of /wp-content/ to be
writable by the webserver (with the caveat that those that don't like it
don't need to use this plugin)?
Are there alternatives you might suggest?

Thanks,
Scott

I am probably missing something (like the trail of all arguments), but needn't wp-content be writable already? For image uploads to work from the dashboard, wp-content/uploads need to have its full path writable[1]. Although I had set this manually I noticed that wp-content/cache was set to 777 'out of the box'. /plugins and /themes remain read-only, as expect- ed. As long as you don't permit people to hijack your blog, the server will not be compromised.

Roy

[1]  In order for images to be conveniently managed and plug-ins have more
power, this might be desirable.


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index