On my original site, after much fussing, I'd set all my permissions in such a way that WordPress could write where it needed to, using good ol' chmod 777. Needless to say, the security problems are apparent in making entire directories writable.
Later on I went to install QDig (http://qdig.sf.net), and reading through the installation documents discovered a neat little trick: chmod 2777. Apparently, I could set this temporarily, allow QDig to write its files, then set the permissions back to 755 as they should be. But QDig would still have permissions to write to the directory!
This is amazing, I thought, I must try it with WP and plug that security hole...
It didn't work. Is there something special in QDig's code that allows it to make use of this security feature? Or is WP designed in such a way that this method could never be used? Could it be hacked in? A plugin?
If anybody has any experiences with this kind of thing I would be extremely pleased to hear about them (even if it is, "Nope, doesn't work." At least I'll know to stop trying).
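An added example, not part of the original post and not QDig or WordPress code: it decodes the modes mentioned above (777, 2777, 755), audits a directory tree for setgid or world-writable directories, and replays the open-then-reset sequence on a constructed temporary tree. The `wp-content/uploads` path and `sample.txt` name are assumptions chosen for illustration, and Linux permission semantics are assumed.

```python
import os
import stat
import tempfile

def describe(mode):
    """Name the permission bits that matter for the modes in the post."""
    flags = []
    if mode & stat.S_ISGID:
        flags.append("setgid")          # the leading 2 in 2777
    if mode & stat.S_IWOTH:
        flags.append("world-writable")  # the last 7 in 777 / 2777
    return flags

def audit(root):
    """Return {relative dir: (octal mode, flags)} for setgid or world-writable dirs."""
    findings = {}
    for dirpath, _dirs, _files in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        flags = describe(mode)
        if flags:
            findings[os.path.relpath(dirpath, root)] = (format(mode, "04o"), flags)
    return findings

def demo():
    """Constructed tree: open uploads/ to 2777, write a file, reset to 755."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")  # assumed layout
        os.makedirs(uploads)
        os.chmod(os.path.dirname(uploads), 0o755)
        os.chmod(uploads, 0o2777)
        during = audit(root)
        sample = os.path.join(uploads, "sample.txt")  # hypothetical file name
        with open(sample, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(uploads, 0o755)
        after = audit(root)
        st = os.stat(sample)
        return {
            "during": during,   # uploads/ is flagged while it sits at 2777
            "after": after,     # uploads/ is no longer flagged at 755
            "group_inherited": st.st_gid == os.stat(uploads).st_gid,
            "owner_is_writer": st.st_uid == os.geteuid(),
        }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The setgid bit only makes new files take the directory's group; the file written during the 2777 window stays owned by the account that created it, which is why that account can still modify that file after the directory is back at 755.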