[bug #58658] A generic enabling of execute flags is an insecure default
From: Boud Roukema
Subject: [bug #58658] A generic enabling of execute flags is an insecure default
Date: Fri, 26 Jun 2020 11:05:29 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
URL:
<https://savannah.nongnu.org/bugs/?58658>
Summary: A generic enabling of execute flags is an insecure
default
Project: Reproducible paper template
Submitted by: boud
Submitted on: Fri 26 Jun 2020 03:05:27 PM UTC
Category: None
Severity: 3 - Normal
Item Group: Enhancement
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
This seems to me to be a security bug - not urgent - but we do
want to encourage secure coding practices by users.

Disable chmod of shell file executable flags by default

Prior to this commit, every time `./project` is run, the
files in several directories where executable shell scripts
are expected to be found have `chmod +x` applied to them.

This earlier behaviour is risky in terms of security, because
users may place files that are not intended to be executable
scripts in these directories. While such a choice would normally
decrease the clarity of the project, there could be
situations where this is reasonable - e.g. as a temporary hack.
In particular, users may keep backup copies of modified scripts
in these directories, which they try to disable by using `chmod
ugo-x`. Backup copies of scripts created automatically could
include, for example, `reproduce/software/shell/configure.sh~`.

It is also risky to give execute rights to the `group` and
`other` categories of users, since by default, execute privileges
on files should not be given to those users who do not need them.

When running `./project`, especially during analysis stages, the
situation before this commit assumes that the user knows the full
consequences of the `project` script and is aware that s/he has
to override them by editing `project` if s/he wishes to minimise
execute privileges on files.

With this commit, a new option to `./project --configure` is
provided, `--enable-shell-execute-flag`. This only does `chmod u+x`,
not `chmod +x`.

By default, this new option is *disabled*, so the default behaviour
differs from earlier commits. However, the `chmod u+x` action is
*enabled* during initial configure, when `--existing-conf` is not
(yet) chosen by the user.

The comments in `project` are modified to take into account these
updates.

TODO: I'm not sure how this relates to the `group` mode of `maneage`,
which might require `ug+x`.

PROPOSED FIX:
https://codeberg.org/boud/maneage_dev/src/branch/security_chmod_flag
https://codeberg.org/boud/maneage_dev/commit/4124fa6949c8657d171a430ef9ca4476b3ec9e93
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?58658>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
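
The effect described in the report, as an added example that is not part of the original message and is not Maneage's code: a simplified model that applies `chmod +x`, `chmod u+x`, or no chmod to a constructed script directory, then counts the files left executable by group/other and the backup copies left executable by anyone. The directory contents, function names and policy labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; all file names below are constructed sample data.

# List regular files under $1 with an execute bit for group or other.
list_group_other_exec() {
    find "$1" -type f \( -perm -010 -o -perm -001 \) | sort
}

# List backup-style files under $1 (names ending in '~', '.bak', '.orig')
# that are executable by anyone.
list_exec_backups() {
    find "$1" -type f \( -name '*~' -o -name '*.bak' -o -name '*.orig' \) \
         \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# Build a constructed script directory, apply one policy, and print
# "<group/other-executable count> <executable-backup count>".
demo() {
    policy=$1
    (
        umask 022                                  # a common default umask
        d=$(mktemp -d) || exit 1
        printf '#!/bin/sh\necho ok\n' > "$d/configure.sh"
        cp "$d/configure.sh" "$d/configure.sh~"    # editor backup copy
        printf 'notes\n' > "$d/README.txt"         # not a script at all
        chmod ugo-x "$d"/*                         # user disables execution
        case $policy in
            blanket) chmod +x "$d"/* ;;            # blanket enable on every run
            owner)   chmod u+x "$d"/* ;;           # owner-only enable
            none)    ;;                            # leave the user's modes alone
        esac
        a=$(list_group_other_exec "$d" | wc -l)
        b=$(list_exec_backups "$d" | wc -l)
        rm -rf "$d"
        echo "$((a)) $((b))"
    )
}

for p in blanket owner none; do
    echo "$p: $(demo "$p")"
done
```

With the owner-only policy the group/other count drops to zero, but the `configure.sh~` backup that the user disabled is executable by its owner again; only the no-chmod policy leaves the user's `chmod ugo-x` in place.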