Admin upload facilities

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Admin upload facilities
« on March 17th, 2012, 02:51 PM »
OK, since this has been asked, I'm going to explain this in a lot more detail.

The simple version: having any kind of ability where the admin uploads something for the forum itself, e.g. themes, plugins, smiley images, badges/rank images... this is a security risk. So too is media and attachments and avatars, but specific things can be done to mitigate those.

But anything that requires touching any of the core files is a serious security risk. Why? Because it requires opening up the core folders and files to higher permissions than they should have. This means making things writable by ANY USER on a shared host. Can we say 'hackable'? YES WE CAN!

The obvious answer is 'put permissions back again afterwards' but the thing is, people don't. They leave permissions set open for their own convenience later on, which is how come so many SMF installations get hacked at some time or another.[1]

Now, I have proposed a solution for this elsewhere but it's not a brilliant one. Specifically, it would require you (as the admin) to put in your FTP password periodically to upload things like plugins. Certain magic can be worked so that FTP (or SFTP) can be used to perform this kind of work, without making a security hole.

Before anyone asks, what are the chances of me giving you an admin upload facility that doesn't use FTP/SFTP and works solely by you changing permissions yourself? ZERO. There is ABSOLUTELY NO WAY IN HELL I will give you that ability. The idea is that you shouldn't be screwing around with it, and especially not screwing around with setting core files/folders to 777. And if you do, that's YOUR responsibility. My responsibility is in making a decision whether I give you a gun to shoot yourself with, or giving you an air rifle that probably won't kill you, you can guess where I'm going with this.
 1. Though I stress, it really isn't only SMF, it's just that's what I know for certain.

die2mrw007

  • One of the greatest platform ever which will make History - Wedge !!!
  • Posts: 25
Re: Admin upload facilities
« Reply #1, on March 17th, 2012, 03:15 PM »
Something like a SHA hash password will do better?

And how exactly can the CHMOD be reconfigured every time we make changes?

MultiformeIngegno

  • Posts: 1,337

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Admin upload facilities
« Reply #4, on March 17th, 2012, 03:20 PM »
> Something like a SHA hash password will do better?

It won't make a single bit of difference.

> And how exactly can the CHMOD be reconfigured every time we make changes?

That's the point. I DO NOT WANT YOU TO USE CHMOD. If you use CHMOD you still have to make everything insecure. I have a method that expressly does not require CHMOD, but it does require you to supply your FTP password.

> Some time ago I read this, now I'm a bit confused.. :P

Because that is a touch naive.

> Not hardly.  Just some things in the forum's directory.  Not, of course, that you should do so with the entire directory - but it won't matter much if you do, so long as your server is configured reasonably correctly.

SHARED HOSTS ARE NOT CONFIGURED 'REASONABLY CORRECTLY'.

Yes, the DB is at no more risk than it would be otherwise. I'm just trying to prevent your forums being hacked, something that is reported pretty much EVERY SINGLE DAY on the simplemachines.org forum.

Or am I wasting my time and energy trying to keep you safe from your site being compromised and I should just stop caring about security?

die2mrw007

  • One of the greatest platform ever which will make History - Wedge !!!
  • Posts: 25
Re: Admin upload facilities
« Reply #5, on March 17th, 2012, 03:34 PM »
Quote from Arantor on March 17th, 2012, 03:20 PM
> Or am I wasting my time and energy trying to keep you safe from your site being compromised and I should just stop caring about security?

Definitely not... I think we are just expressing the ideas behind it. Each webmaster is much more concerned about the security of their site, and I too have personally observed a lot of forums getting hacked, and some hosting companies which don't provide them regular backups leave the webmaster in the biggest shock of losing their hard work done so far, simply due to security faults! I feel much pity for them.
So far my site hasn't gone through any such situation, but chances are high, as many still say SMF has less security (though I didn't believe much in this).

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Admin upload facilities
« Reply #6, on March 17th, 2012, 03:41 PM »
SMF is not in itself insecure. It's only insecure when people don't care about security and leave things in place.

If it were up to me, I wouldn't give you any upload facilities whatsoever, and have it ALL done via FTP (much like XenForo, I'll note) but I recognise that that approach isn't very friendly.
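
An added example, not part of the thread and not code from SMF or Wedge: a shell check for the condition the first post describes, core files and folders left writable by any user on the host after a chmod 777/666. The function name and the `attachments` folder name in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report anything under a forum install that any local user
# can write to (the "other" write bit, as set by chmod 777 or 666).

# audit_world_writable ROOT [ALLOWED_SUBDIR ...]
#   ROOT            forum install directory to scan
#   ALLOWED_SUBDIR  subdirectories, relative to ROOT, to leave out of the
#                   report (hypothetical example: attachments)
# Prints "dir <path>" or "file <path>" for each finding.
# Returns 0 when nothing is world-writable, 1 on findings, 2 on bad input.
audit_world_writable() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }
    shift
    findings=$(
        # Symlinks are skipped: their own mode bits are not what is enforced.
        find "$root" ! -type l -perm -0002 -print 2>/dev/null |
        while IFS= read -r path; do
            skip=0
            for allowed in "$@"; do
                case "$path" in
                    ("$root/$allowed"|"$root/$allowed"/*) skip=1 ;;
                esac
            done
            [ "$skip" -eq 1 ] && continue
            if [ -d "$path" ]; then kind=dir; else kind=file; fi
            printf '%s %s\n' "$kind" "$path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/forum attachments
if [ "$#" -gt 0 ]; then
    audit_world_writable "$@"
fi
```

Run from cron or a deploy check, a non-zero exit flags permissions that were opened for an upload and never put back.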
