[wp-hackers] Backup, wp-content

Roy Schestowitz r at schestowitz.com
Tue Dec 20 02:15:11 GMT 2005 

_____/ On Tue 20 Dec 2005 01:38:07 GMT, [Scott Merrill] wrote : \_____

> I alerted the Forum crew that the wp-db-backup plugin bundled with the
> forthcoming WordPress 2.0 requires that /wp-content/ be writable.  The
> reason it requires write access is to create a non-obvious backup
> directory in which to store the temporary file(s) (it appends the last
> five characters of the md5 hash of the password in wp-config.php).
>
> I opened a ticket about this:
>   http://trac.wordpress.org/ticket/1934
> which Matt closed.  I'm less than thrilled, but ultimately don't care
> enough to push further.
>
> A few forum folks were taken aback by the requirement for /wp-content/
> to be writable:
> http://comox.textdrive.com/pipermail/wp-forums/2005-December/001027.html
> http://comox.textdrive.com/pipermail/wp-forums/2005-December/001029.html
>
> This goes against the recommended file permissions defined in the
> "Hardening WordPress" Codex guide (disclaimer: I wrote the recommended
> file permissions for that page):
>   http://codex.wordpress.org/Hardening_WordPress#File_permissions
>
> I understand why this change was made, and I don't necessarily disagree
> with it.  But it does substantially complicate support without providing
> significantly improved security.  The current mechanism is still
> susceptible to brute-force attacks to determine the specific characters
> that make up the suffix for the backup directory.
>
> I think one way to ease support, while simultaneously protecting the
> backup directory, would be to stick an empty index.php inside the
> /backup/ directory, and drop the use of the suffix.
>
> I asked in #wordpress whether this is something I should bring to the
> hackers list, to elicit more participation in the discussion, so here I am.
>
> Do you all find it acceptable to require all of /wp-content/ to be
> writable by the webserver (with the caveat that those that don't like it
> don't need to use this plugin)?
> Are there alternatives you might suggest?
>
> Thanks,
> Scott

I  am  probably missing something (like the trail of all  arguments),  but
needn't wp-content be writable already? For image uploads to work from the
dashboard,  wp-content/uploads  need  to have its full  path  writable[1].
Although  I had set this manually I noticed that wp-content/cache was  set
to 777 'out of the box'. /plugins and /themes remain read-only, as expect-
ed.  As  long as you don't permit people to hijack your blog,  the  server
will not be compromised.

Roy

[1]  In order for images to be conveniently managed and plug-ins have more
power, this might be desirable.

More information about the wp-hackers mailing list