Re: Ownership and permissions for applications: security issues?
- Subject: Re: Ownership and permissions for applications: security issues?
- From: Peter Mulholland <email@hidden>
- Date: Thu, 13 Sep 2007 18:07:42 +0100
Hello Stefan,
Thursday, September 13, 2007, 8:47:43 AM, you wrote:
> It seems that the recommended permissions for applications and the
> directories inside them is 775; at least that's what the Software
> Distribution Legacy Guide says. The current Software Distribution Guide
> doesn't talk about it any more. The BSD Permissions and Ownership
> chapter in the File System Overview guide recommends 755, though.
> I wonder if having permissions of 7xx isn't a huge security issue
> though, at least for software that is distributed on disk images for a
> manual drag-and-drop install: in that case the files will be owned by
> the current user (unless they go to the trouble of unchecking the
> "Ignore ownership on this volume" flag on the disk image). This means
> that if a non-admin user installs the software by dragging the
> application to his /Applications folder (authorizing with an admin
> password in the process), the application will be owned by the current
> non-admin user and be writeable by him. It is now trivially easy for a
> trojan horse to replace the contents of such an application (either just
> the executable, or the entire Contents folder) with some malware.
> For this reason, I have always distributed my own software with 555
> permissions for all folders and executable files, and 444 for all other
> files. Looking through my Applications folder, I see that my
> application is the *only* one with these permissions; all others have
> either 755 or 775 (some are owned by me, some by root).
> The reason why this came up recently is that a user complained about the
> "Add" button being greyed out in the Languages section of the Get Info
> window for my application. He requested that I distribute the
> application with write permissions on *.app, Contents, and Resources to
> fix this, which I don't want to do. I think the Finder should leave the
> Add button available in this case, requesting authorization if the
> current user doesn't have permission to install languages.
> Any opinions?
If the user is an "admin" user, then this is irrelevant as any malware
could just call chmod() or whatever.
In practice, attempting to restrict access causes all sorts of issues,
eg when the user wants to uninstall the program, he goes to delete it
only to be told access denied. You then get grief when he
e-mails/calls you to complain that he can't get your software off of
his machine.
My installers do the following:
Set UID to whatever user is installing, and GID to "admin".
Set folders and executables as 775, and everything else 664.
This allows the user who installed full access (which is always an
admin user), anyone in the admin group full access (which means any
admin can delete the program), and everyone else gets read only (any
non-privileged users).
--
Best regards,
Peter mailto:email@hidden
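As an added example (not Peter's installer code and not part of the original thread), the scheme above expressed as a small POSIX shell script: it sets the group on a bundle, applies 775 to directories and executables and 664 to everything else, then audits the result. The group defaults to "admin" as on macOS; `set_bundle_perms` takes an override so the script can run on a system without that group, and `make_demo_bundle` builds a constructed throwaway .app in a temp directory with the sloppy 777/666 modes a careless copy can leave behind. The function names and the demo bundle are assumptions for illustration only.

```shell
#!/bin/sh
# Added example: apply and check the permission scheme from the reply
# (dirs/executables 775, other files 664, group "admin"). Not from the thread.

# Apply the scheme to a bundle. $2 overrides the group ("admin" on macOS is
# the assumed default; pass "$(id -gn)" on systems without that group).
set_bundle_perms() {
    bundle="$1"
    group="${2:-admin}"
    [ -d "$bundle" ] || return 1
    chgrp -R "$group" "$bundle" || return 1
    # Directories: rwxrwxr-x
    find "$bundle" -type d -exec chmod 775 {} +
    # Files that already carry the owner-execute bit (the Mach-O binary,
    # helper scripts): rwxrwxr-x
    find "$bundle" -type f -perm -100 -exec chmod 775 {} +
    # All other files (Info.plist, nibs, strings, icons): rw-rw-r--
    find "$bundle" -type f ! -perm -100 -exec chmod 664 {} +
}

# Return 0 only when every entry matches the scheme exactly.
check_bundle_perms() {
    bundle="$1"
    bad=$( { find "$bundle" -type d ! -perm 775
             find "$bundle" -type f -perm -100 ! -perm 775
             find "$bundle" -type f ! -perm -100 ! -perm 664
           } | wc -l | tr -d ' ')
    [ "$bad" -eq 0 ]
}

# Return 1 and list any entry writable by "other" (mode o+w). Such entries
# let any local account swap the executable, the concern raised upthread.
audit_world_writable() {
    offenders=$(find "$1" -perm -002)
    if [ -n "$offenders" ]; then
        printf 'world-writable entries:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}

# Constructed demo bundle (assumed layout) with deliberately bad modes.
# Prints the bundle path.
make_demo_bundle() {
    dir=$(mktemp -d)
    app="$dir/Demo.app"
    mkdir -p "$app/Contents/MacOS" "$app/Contents/Resources/English.lproj"
    printf '#!/bin/sh\necho hi\n' > "$app/Contents/MacOS/Demo"
    chmod 777 "$app/Contents/MacOS/Demo"
    printf '<plist/>\n' > "$app/Contents/Info.plist"
    chmod 666 "$app/Contents/Info.plist"
    printf 'x\n' > "$app/Contents/Resources/English.lproj/Localizable.strings"
    echo "$app"
}
```

Usage on a Mac: `set_bundle_perms /Applications/Foo.app && check_bundle_perms /Applications/Foo.app`. Note what the audit does not cover: with 775 the owner and every member of the admin group can still overwrite the bundle, which is exactly the trade-off the reply accepts (an admin could chmod it anyway), so a bundle whose owner is a non-admin account remains writable by that account even when `check_bundle_perms` passes.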
_______________________________________________
Xcode-users mailing list (email@hidden)