Am Son, 2002-09-22 um 22.05 schrieb Colin Watson:
On Sun, Sep 22, 2002 at 09:54:14PM +0200, Gottfried Szing wrote:
and for setting default permissions you can also consult the umask
functionallity. but i think this is very dangerous to turn x on by
default.
I can't think of a situation where it's dangerous to grant execute
permission, unless the executable is set-id. If you can read the file
then you can always copy it off somewhere else, set the execute bit
yourself, and execute it. If it isn't set-id and allows you to do
something bad, well, you could clearly have done that without the aid of
the executable.
ok, to utilize the umask, you have two possiblities:
1. setting the umask for the whole process (apache)
2. setting the umask per request
ad 1. i think that this possibility can be ignored. because setting the
exe-permission for all files created (even logfiles) is not really
wanted.
ad 2. this is much better? but why setting exe by default? setting the
permissions by hand via the chmod command or setting the umask is the
same effort: one function call. but the difference is chmod can be done
after(!) doing some checks. e.g. kind of shell to use, is it a binary or
a shell-script,...
i explictly grant permissions on demand and after some checks. i dont
give everyone access to a specific resource. so for security reasons the
exe-permissions should used really carefully. its like a opt-in into my
"security realm".
ok, its the decision of the webmaster/programmer to trust the uploaders.
but i would not use the umask and exe-by-default in thousands of years.
cu