Re^2: Executable bit sloppiness in modules

Well you are right of course, BUT I was thinking along the lines of "sneaking in an innocent looking file" which could be executed later as part of a hidden attack. Say the module installs a file, marked executable, and innocently named like "thanks.txt". Well I didn't bother to read it ( or may have done an automatic CPAN install". Now "someone knows" that /usr/lib/Perl5..../somedir/thanks.txt" is just sitting there waiting for a another script in the "attack-plan"( which possibly needs root priviledges to run).

Sure, the same thing could be done in other ways, but this is such an "obvious hole", that can be so easily prevented, that I thought I would bring it up.

I'm not really a human, but I play one on earth. flash japh

Comment on Re^2: Executable bit sloppiness in modules

Replies are listed 'Best First'.
Re^3: Executable bit sloppiness in modules by Eimi Metamorphoumai (Deacon) on Dec 21, 2004 at 13:50 UTC
I don't get it. If someone has access to execute "thanks.txt", they'll already have access to run every command in it separately, so the file itself is buying them absolutely nothing. Unless it's somehow being installed suid (which would be a huge problem) or ending up in someone else's path.	[reply]
Re^4: Executable bit sloppiness in modules by zentara (Cardinal) on Dec 21, 2004 at 13:58 UTC
You are probably right,...but somehow it just bothers me and I will continue to examine modules before I install them, and adjust file permissions to be correct for the file type. I guess I'm a bit too paranoid. :-) I'm not really a human, but I play one on earth. flash japh	[reply]
Re^5: Executable bit sloppiness in modules by Aristotle (Chancellor) on Dec 21, 2004 at 14:40 UTC
He is right. It's just superstition to be looking for security holes in those sloppily set permissions. An attacker is never going to go through a million artificial contortions when he is in a position to walk right in through the front door, because what would that buy him? And since you're going to be executing `Makefile.PL` anyway, you are offering an open front door. It's another matter if the mode is 777 of course — since someone else could exploit that. 755 instead of 644 is harmless but annoying for other reasons. Makeshifts last the longest.	[reply]