Re: Ownership and permissions for applications: security issues?
- Subject: Re: Ownership and permissions for applications: security issues?
- From: Greg Guerin <email@hidden>
- Date: Thu, 13 Sep 2007 09:56:53 -0700
Stefan Haller wrote:
>For this reason, I have always distributed my own software with 555
>permissions for all folders and executable files, and 444 for all other
>files.
The only thing malware has to do to circumvent your 555 or 444 permissions
is apply the chmod(2) function to allow writing. It can then have its way
with all your files and dirs, exactly the same as if you'd distributed them
as 755 or 644. To me, calling chmod() doesn't seem like much of an
obstacle for any but the least-informed or least-competent of attackers.

Applying chmod() first would work even if the permissions of a file or dir
were 000 (all access denied). The owner of a file always has the ability
to change its permissions, and this cannot be removed or denied.
-- GG
Xcode-users mailing list (email@hidden)
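The point made in the reply above, as an added example that is not part of the original post: a small C program showing that mode bits alone do not protect a file from its owner, plus an audit helper that classifies a file by ownership rather than by its write bits. The function names `owner_write_after_chmod` and `modifiable_by` are hypothetical, the temporary file under /tmp is constructed for the demonstration, and only classic mode bits and ownership are modelled (group membership is ignored).

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch file, "ship" it with shipped_mode (e.g. 0444 or 0000),
 * then act as its owner: chmod(2) to add owner-write and write to it.
 * Returns 1 if the write succeeded, 0 if not, -1 if setup failed. */
int owner_write_after_chmod(mode_t shipped_mode)
{
    char path[] = "/tmp/perm_demo_XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);
    int ok = 0;

    if (fd < 0)
        return -1;
    close(fd);

    if (chmod(path, shipped_mode) == 0 &&
        chmod(path, shipped_mode | S_IWUSR) == 0) {  /* owner may always do this */
        fd = open(path, O_WRONLY);
        if (fd >= 0) {
            ok = (write(fd, "x", 1) == 1);
            close(fd);
        }
    }
    unlink(path);
    return ok;
}

/* Audit view: can a process running as uid end up modifying this file?
 * Ownership decides, not the current write bits. Assumption: group
 * membership is not modelled, only owner and "other". */
int modifiable_by(const struct stat *st, uid_t uid)
{
    if (uid == 0)
        return 1;                       /* superuser bypasses mode bits */
    if (st->st_uid == uid)
        return 1;                       /* owner can chmod, then write */
    return (st->st_mode & S_IWOTH) != 0;
}

int main(void)
{
    printf("shipped 0444, owner writes after chmod: %d\n", owner_write_after_chmod(0444));
    printf("shipped 0000, owner writes after chmod: %d\n", owner_write_after_chmod(0000));
    return 0;
}
```

For an installed application, the question the audit helper answers is who owns the files, since a file owned by the account that runs untrusted code is modifiable whatever mode it was shipped with.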