Ownership and permissions for applications: security issues?
- Subject: Ownership and permissions for applications: security issues?
- From: email@hidden (Stefan Haller)
- Date: Thu, 13 Sep 2007 09:47:43 +0200
- Organization: Ableton

It seems that the recommended permissions for applications and the
directories inside them is 775; at least that's what the Software
Distribution Legacy Guide says. The current Software Distribution Guide
doesn't talk about it any more. The BSD Permissions and Ownership
chapter in the File System Overview guide recommends 755, though.

I wonder if having permissions of 7xx isn't a huge security issue
though, at least for software that is distributed on disk images for a
manual drag-and-drop install: in that case the files will be owned by
the current user (unless they go to the trouble of unchecking the
"Ignore ownership on this volume" flag on the disk image). This means
that if a non-admin user installs the software by dragging the
application to his /Applications folder (authorizing with an admin
password in the process), the application will be owned by the current
non-admin user and be writeable by him. It is now trivially easy for a
trojan horse to replace the contents of such an application (either just
the executable, or the entire Contents folder) with some malware.

For this reason, I have always distributed my own software with 555
permissions for all folders and executable files, and 444 for all other
files. Looking through my Applications folder, I see that my
application is the *only* one with these permissions; all others have
either 755 or 775 (some are owned by me, some by root).

The reason why this came up recently is that a user complained about the
"Add" button being greyed out in the Languages section of the Get Info
window for my application. He requested that I distribute the
application with write permissions on *.app, Contents, and Resources to
fix this, which I don't want to do. I think the Finder should leave the
Add button available in this case, requesting authorization if the
current user doesn't have permission to install languages.

Any opinions?

--
Stefan Haller
Ableton
http://www.ableton.com/
Xcode-users mailing list (email@hidden)
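
The permission scheme described in the post above (555 for folders and executable files, 444 for all other files), as an added shell example that is not part of the original message: it lists bundle entries that still carry a write bit, then applies the scheme. The function names and the Sample.app layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# Sample.app layout below are constructed for illustration.

# Build a constructed bundle with the 775/664 modes typical of a
# drag-and-drop install.
make_sample_bundle() {
    app="$1/Sample.app"
    mkdir -p "$app/Contents/MacOS" "$app/Contents/Resources/en.lproj"
    printf '#!/bin/sh\necho hello\n' > "$app/Contents/MacOS/Sample"
    printf '<plist/>\n' > "$app/Contents/Info.plist"
    printf '"k" = "v";\n' > "$app/Contents/Resources/en.lproj/Localizable.strings"
    find "$app" -type d -exec chmod 775 {} +
    chmod 775 "$app/Contents/MacOS/Sample"
    chmod 664 "$app/Contents/Info.plist" \
              "$app/Contents/Resources/en.lproj/Localizable.strings"
}

# List every entry (symlinks excluded) that still has a write bit for
# owner, group or other.
list_writable() {
    find "$1" ! -type l \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

count_writable() {
    list_writable "$1" | wc -l | tr -d ' '
}

# 555 for folders and executable files, 444 for all other files.
# Executables are handled first so the second pass only sees data files.
lock_bundle() {
    find "$1" -type f -perm -100 -exec chmod 555 {} +
    find "$1" -type f ! -perm -100 -exec chmod 444 {} +
    find "$1" -type d -exec chmod 555 {} +
}

demo() {
    tmp=$(mktemp -d)
    make_sample_bundle "$tmp"
    echo "entries with a write bit before: $(count_writable "$tmp/Sample.app")"
    lock_bundle "$tmp/Sample.app"
    echo "entries with a write bit after:  $(count_writable "$tmp/Sample.app")"
    chmod -R u+w "$tmp" && rm -rf "$tmp"   # restore write access to clean up
}

demo
```

The owner of a file can always change its mode back, so running `list_writable` again after an install or update is a useful check, and the mode bits are strongest when combined with ownership by an account other than the one running untrusted code.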