
Re: Question on File Permissions



On Sun, Sep 22, 2002 at 10:26:42PM +0200, Gottfried Szing wrote:
> On Sun, 2002-09-22 at 22:05, Colin Watson wrote:
> > I can't think of a situation where it's dangerous to grant execute
> > permission, unless the executable is set-id. If you can read the file
> > then you can always copy it off somewhere else, set the execute bit
> > yourself, and execute it. If it isn't set-id and allows you to do
> > something bad, well, you could clearly have done that without the aid of
> > the executable.
> 
> ok, to utilize the umask, you have two possibilities:
> 1. setting the umask for the whole process (apache)
> 2. setting the umask per request
> 
> ad 1. i think that this possibility can be ignored. because setting the
> exe-permission for all files created (even logfiles) is not really
> wanted.

Sure, it's often unnecessary, and something finer-grained would be
desirable. But you said it was dangerous, and that's what I picked up
on. Why?

> i explicitly grant permissions on demand and after some checks. i don't
> give everyone access to a specific resource. so for security reasons the
> exe-permissions should be used really carefully. it's like an opt-in into my
> "security realm".

As I said above, the execute bit provides no real security except in the
case of set-id executables. No trust needs to be involved, since anybody
who can read the file can arrange to execute it anyway.

If you're concerned about setting the executable bit because you have
programs that randomly go around actually executing untrusted code, of
course, then they're buggy and should be fixed ...

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
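
Added example, not part of the original message: a shell sketch of the argument above, showing that a readable file without the execute bit can be run from a copy, and that a set-uid bit does not follow the contents into that copy. The file names, the sample script and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo of the thread's point: read access is enough to run a
# program's contents, but a set-id bit stays behind on the original file.

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample program: readable by everyone, executable by no one.
make_sample() {
    printf '#!/bin/sh\necho ran\n' > "$demo_dir/tool"
    chmod 0644 "$demo_dir/tool"
}

# Copy by reading the bytes, which is all that read permission grants.
# The new file belongs to the caller and gets a fresh mode (0666 minus umask).
copy_contents() {
    cat "$1" > "$2"
}

# Execute the original directly; prints "denied" when the kernel refuses.
run_original() {
    "$demo_dir/tool" 2>/dev/null || echo denied
}

# Copy the readable file, set the execute bit on the copy, run the copy.
run_copy() {
    copy_contents "$demo_dir/tool" "$demo_dir/copy"
    chmod 0700 "$demo_dir/copy"
    "$demo_dir/copy"
}

# Mark the original set-uid, copy it, and report the set-uid state of both.
setid_after_copy() {
    chmod 4755 "$demo_dir/tool"
    copy_contents "$demo_dir/tool" "$demo_dir/copy2"
    if [ -u "$demo_dir/tool" ]; then o=setuid; else o=plain; fi
    if [ -u "$demo_dir/copy2" ]; then c=setuid; else c=plain; fi
    echo "orig=$o copy=$c"
}

make_sample
run_original
run_copy
setid_after_copy
```

For an administrator the consequence is that the mode bits worth auditing are read access and the set-id bits, since withholding only the execute bit from a readable, non-set-id file restricts nothing.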


