At 6:43 PM -0500 9/26/06, Richard Lynch wrote:
On Mon, September 25, 2006 3:58 pm, Andy Hultgren wrote:
> -- Since I'm only allowing image uploads, I can strictly filter which files
> are allowed to be uploaded (with extension checks and get_image_size).
Extension check is kinda useless...
I can name any file I want with .jpg and upload it.
get_image_size() is good, as it checks the first N bytes -- But
somebody somewhere can construct a worm with the first N bytes that
LOOK like a valid image, to get_image_size()
A human eyeball check would be even better, as then you *know* that a
much larger number of bytes are a valid image.
It could still be "image+worm" with the worm tacked on at the end, and
a valid image at the front, which the browser would probably just go
ahead and display as valid image. :-(
The odds of somebody being able to construct a valid-looking image whose
exact byte sequence is also a worm are pretty low, but not
impossible... :-)
That's one of the reasons why I resize images I upload -- image files
are never stored "as-is". I figure that any possible worms contained
therein will probably be damaged beyond working after a shuffle.
After all, code is usually sensitive to alteration.
So when you read advice to use 0777 you can immediately change that to
0700, because the only access needed is for you, not your group, and
not the "world" of other users on that machine.
Excellent point -- thanks.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
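The approach discussed in this message (header check, then resize and re-encode so the upload is never stored as-is, in a 0700 directory), as an added example that is not code from the thread. It uses PHP's getimagesize() and the GD extension; store_upload(), its parameters and the demo paths are hypothetical names, and the sample file with its inert trailing marker is constructed.

```php
<?php
// Added example, not code from the thread. store_upload() and its
// parameters are hypothetical names; requires PHP 7.1+ with the GD extension.
function store_upload(string $tmpPath, string $destDir, int $maxSide = 1024): string
{
    // Header check only: getimagesize() does not decode the pixel data.
    $info = @getimagesize($tmpPath);
    $loaders = [
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
        IMAGETYPE_GIF  => 'imagecreatefromgif',
    ];
    if ($info === false || !isset($loaders[$info[2]])) {
        throw new RuntimeException('not an accepted image type');
    }
    // Full decode: GD must parse the image itself, not just the header.
    $src = @$loaders[$info[2]]($tmpPath);
    if ($src === false) {
        throw new RuntimeException('image data could not be decoded');
    }
    // Resize and re-encode; only decoded pixels reach the stored file.
    $w = imagesx($src);
    $h = imagesy($src);
    $scale = min(1, $maxSide / max($w, $h));
    $nw = max(1, (int) round($w * $scale));
    $nh = max(1, (int) round($h * $scale));
    $dst = imagecreatetruecolor($nw, $nh);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $nw, $nh, $w, $h);
    // Owner-only directory (0700) and a server-chosen file name.
    if (!is_dir($destDir) && !mkdir($destDir, 0700, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    $path = $destDir . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($dst, $path, 85)) {
        throw new RuntimeException('cannot write re-encoded image');
    }
    return $path;
}

// Constructed sample: a small valid PNG with an inert marker appended.
$marker = 'TRAILING-BYTES-MARKER';
$tmp = tempnam(sys_get_temp_dir(), 'up');
imagepng(imagecreatetruecolor(64, 48), $tmp);
file_put_contents($tmp, $marker, FILE_APPEND);
// Does the header check alone accept the file with extra bytes?
var_dump(getimagesize($tmp) !== false);
// Is the marker absent from the re-encoded copy?
$stored = store_upload($tmp, sys_get_temp_dir() . '/uploads_demo');
var_dump(strpos(file_get_contents($stored), $marker) === false);
unlink($tmp);
```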