
Why is “chmod -R 777 /” destructive? - belltaco
http://serverfault.com/questions/364677/why-is-chmod-r-777-destructive
======
jandrese
That article is more than a little hyberbolic. If you're talking about your
home machine (which you probably are if you're doing some thing dumb like
this), then the sudden lack of security isn't as big of a deal as the answer
suggests. Theoretically you shouldn't have any malicious users around to make
a mess of your suddenly compromised system.

In fact going down the list:

1\. Irrelevant on a typical end user system 2\. Certainly a problem, but not a
showstopping one. Remote SSH logins will be broken for instance, but this
won't prevent your machine from booting. 3\. Blowing away the SUID/SGID bits
would prevent the programs from running normally, but since you've opened up
the rest of your permissions they might still work. 4\. I've never personally
seen that behavior, but I can believe it might happen. It would be pretty
broken IMHO. What happens when root runs your script by hand for some reason?
5\. This seems mostly irrelevant on an end user system. 6\. Mostly irrelevant
on end user systems. 7\. Mostly irrelevant on end user systems. The dot in
your path is also a bit of an overblown danger, as long as you have it at the
end of your path. With the dot at the end a malicious user needs to basically
typosquat in a directory they think an admin is going to be in. In terms of
attack vectors it is a weak and fairly obvious one. 8\. Destroying the ACLs
seems like the least of your problems at this point. Restoring the permissions
is going to require a full reinstall anyway.

So yeah, don't screw up the permissions on your system, but if you do it's not
the end of the world. You should be able to save any data that wasn't already
backed up and maybe toss out a few "I'm going to be offline for a bit while I
reinstall" emails assuming you aren't on a multiuser system.

If you are on a multiuser system then it's far more of a catastrophe, as
totally open permissions make the machine a candyland for an attacker. At this
point the only thing you can do is pull the power and grab the OS install
disks.

~~~
lambada
I'd note the original question is posted on serverfault, so the context isn't
that of a traditional end user, but instead a server admin on a multi-user (or
publically accessible) server.

------
nailer
FYI you can get modes back by checking the original packages.

