Re: Ownership and permissions for applications: security issues?
- Subject: Re: Ownership and permissions for applications: security issues?
- From: "Kyle Sluder" <email@hidden>
- Date: Thu, 13 Sep 2007 13:56:41 -0400
You cannot protect the user's files from the user. People who don't
understand this fundamental aspect of filesystem security and
therefore make it that much harder for the user to remove their
programs get deserved scorn.
--Kyle Sluder
On 9/13/07, Stefan Haller <email@hidden> wrote:
> It seems that the recommended permissions for applications and the
> directories inside them is 775; at least that's what the Software
> Distribution Legacy Guide says. The current Software Distribution Guide
> doesn't talk about it any more. The BSD Permissions and Ownership
> chapter in the File System Overview guide recommends 755, though.
>
> I wonder if having permissions of 7xx isn't a huge security issue
> though, at least for software that is distributed on disk images for a
> manual drag-and-drop install: in that case the files will be owned by
> the current user (unless they go to the trouble of unchecking the
> "Ignore ownership on this volume" flag on the disk image). This means
> that if a non-admin user installs the software by dragging the
> application to his /Applications folder (authorizing with an admin
> password in the process), the application will be owned by the current
> non-admin user and be writeable by him. It is now trivially easy for a
> trojan horse to replace the contents of such an application (either just
> the executable, or the entire Contents folder) with some malware.
>
> For this reason, I have always distributed my own software with 555
> permissions for all folders and executable files, and 444 for all other
> files. Looking through my Applications folder, I see that my
> application is the *only* one with these permissions; all others have
> either 755 or 775 (some are owned by me, some by root).
>
> The reason why this came up recently is that a user complained about the
> "Add" button being greyed out in the Languages section of the Get Info
> window for my application. He requested that I distribute the
> application with write permissions on *.app, Contents, and Resources to
> fix this, which I don't want to do. I think the Finder should leave the
> Add button available in this case, requesting authorization if the
> current user doesn't have permission to install languages.
>
> Any opinions?
>
>
> --
> Stefan Haller
> Ableton
> http://www.ableton.com/
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Xcode-users mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
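
An added example, not part of either message: Python code that lists which entries of an application bundle the mode bits leave writable for a given user, and applies the 555/444 scheme Stefan Haller describes. The Demo.app tree and all function names are constructed for illustration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    # POSIX class selection: owner bits if uid owns it, else group, else other.
    bit = (stat.S_IWUSR if st.st_uid == uid else
           stat.S_IWGRP if st.st_gid in gids else stat.S_IWOTH)
    return bool(st.st_mode & bit)

def bundle_entries(bundle):
    # The bundle directory itself plus everything below it, symlinks skipped.
    paths = [bundle]
    for root, dirs, files in os.walk(bundle):
        paths += [os.path.join(root, n) for n in dirs + files]
    return [p for p in paths if not os.path.islink(p)]

def audit_bundle(bundle, uid, gids=()):
    """Relative paths inside the bundle that the mode bits let uid modify."""
    return sorted(os.path.relpath(p, bundle) for p in bundle_entries(bundle)
                  if can_write(os.lstat(p), uid, set(gids)))

def harden_bundle(bundle):
    """Scheme from the post: 555 for folders and executables, 444 otherwise."""
    for p in bundle_entries(bundle):
        mode = os.lstat(p).st_mode
        os.chmod(p, 0o555 if stat.S_ISDIR(mode) or mode & 0o111 else 0o444)

def build_sample_bundle(parent):
    # Constructed sample: a minimal Demo.app as left by a drag-and-drop install.
    bundle = os.path.join(parent, "Demo.app")
    os.makedirs(os.path.join(bundle, "Contents", "MacOS"))
    os.makedirs(os.path.join(bundle, "Contents", "Resources"))
    for p in bundle_entries(bundle):  # only directories exist at this point
        os.chmod(p, 0o775)
    for rel, mode in (("Contents/MacOS/Demo", 0o755), ("Contents/Info.plist", 0o644)):
        path = os.path.join(bundle, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    return bundle

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_bundle(tmp)
        print("writable before:", audit_bundle(app, os.getuid(), os.getgroups()))
        harden_bundle(app)
        print("writable after: ", audit_bundle(app, os.getuid(), os.getgroups()))
        for p in bundle_entries(app):  # restore write bits so cleanup can delete
            os.chmod(p, 0o755)
```

The audit reads mode bits only. The owner of a file can restore its write bits with chmod, so an empty result for the owning user describes the current state of the bundle and nothing more.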