Re^3: Executable bit sloppiness in modules

I don't get it. If someone has access to execute "thanks.txt", they'll already have access to run every command in it separately, so the file itself is buying them absolutely nothing. Unless it's somehow being installed suid (which would be a huge problem) or ending up in someone else's path.

Comment on Re^3: Executable bit sloppiness in modules

Replies are listed 'Best First'.
Re^4: Executable bit sloppiness in modules by zentara (Cardinal) on Dec 21, 2004 at 13:58 UTC
You are probably right,...but somehow it just bothers me and I will continue to examine modules before I install them, and adjust file permissions to be correct for the file type. I guess I'm a bit too paranoid. :-) I'm not really a human, but I play one on earth. flash japh	[reply]
Re^5: Executable bit sloppiness in modules by Aristotle (Chancellor) on Dec 21, 2004 at 14:40 UTC
He is right. It's just superstition to be looking for security holes in those sloppily set permissions. An attacker is never going to go through a million artificial contortions when he is in a position to walk right in through the front door, because what would that buy him? And since you're going to be executing `Makefile.PL` anyway, you are offering an open front door. It's another matter if the mode is 777 of course — since someone else could exploit that. 755 instead of 644 is harmless but annoying for other reasons. Makeshifts last the longest.	[reply]