Re: Can I set the access level to the files with specified suffix when creating?
- From: "ynotssor" <ynotssor@xxxxxxxxxxx>
- Date: Sat, 28 Oct 2006 10:24:33 -0700
"Zdenek Zikan" <xzikan@xxxxxxxxxx> wrote in message
news:J7uHsE.904@xxxxxxxxxxxx
To the best of my knowledge, it's mandatory to explicitly declare aEeeer ... why security reasons? I cannot see any.
script as executable using chmod, and there are security reasons
for such.
And _that_ is precisely the reason why.
WTF? Firstly, if this script is not executable, I can run it using "sh
script_name". Secondly, the script cannot do more than I can and if
run any program, it has the same effect with the difference that in
script files, I can (usually) watch the source. Thirdly, what is more
secure on having the script non-executable if I (or some malicious
code) can do "chmod u+x script && ./script"?
You need to study the principles of file permissions to see the error in
your statements above. Only root or the owner of a script can chmod the
script in the above manner, a clear statement of intent to do so. There is
what's considered a "security threshold", beyond which it is assumed that
you _intend_ the script to be executable, such as a deliberate chmod or "sh
scriptname". If you are an ordinary user then you can't damage anything
beyond your own user space.
"Security" doesn't necessarily imply malicious intent. Most security issues
arise from a simple uninformed decision or error on the part of a user (or
root). Executable file permissions are just one part of a larger security
philosophy that had its foundations in Unix, but has been included in Linux
by thoughtful reason of people far more intelligent than either of us.
.
- Follow-Ups:
- References:
- Can I set the access level to the files with specified suffix when creating?
- From: Lazytiger
- Re: Can I set the access level to the files with specified suffix when creating?
- From: ynotssor
- Re: Can I set the access level to the files with specified suffix when creating?
- From: Lazytiger
- Re: Can I set the access level to the files with specified suffix when creating?
- From: ynotssor
- Re: Can I set the access level to the files with specified suffix when creating?
- From: Zdenek Zikan
- Re: Can I set the access level to the files with specified suffix when creating?
- From: ynotssor
- Re: Can I set the access level to the files with specified suffix when creating?
- From: Zdenek Zikan
- Can I set the access level to the files with specified suffix when creating?
- Prev by Date: Re: does anyone know what MBR is?
- Next by Date: Error: Can't open display:
- Previous by thread: Re: Can I set the access level to the files with specified suffix when creating?
- Next by thread: Re: Can I set the access level to the files with specified suffix when creating?
- Index(es):
Relevant Pages
|
|
