[Previous] [Next] [Index]
[Thread]
Re: source code security
>On Sat, 2 Dec 1995, Peter Henning wrote:
>
>> one nice trick is to take away all "r" permissions on your cgi binaries.
>> Most scripts just need world or group "x" permissions, and possibly owner
>> "w" permissions so that you can recompile them from a safer directory
>> elsewhere. That way, the scripts can run but even if they live somewhere
>> inside your document root (not a wise idea)
>
>Not true; "scripts" definitely cannot run without read permission. You
>are conflating binaries with scripts, a common practice but an unsafe
>one. A script cannot be run without read permission because it contains
>code to be sent into an interpreter that has to be read at runtime. A C
>binary on the other hand contains native machine code and can be
>executed without read permissions.
Not true either. Korn shell scripts can be executed with execute permission
only, so without read permission. I found this in my 1989 verision of
Korn&Bolsky (pp. 237). Unfortunately not all systems implement this feature
properly. I do not know whether this is still common practice amongst Unix
implementors, but it sure is a way to keep your scripts to yourself.
----
tommy@knoware.nl
Tom van Peer
Hartingstraat 171
3511 HV Utrecht
THE NETHERLANDS
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6ui
mQCPAjCeWDEAAAEEAL6ST2ipVPYg7i/UraSoYUdmg8HPBRCABnzCXBV01CyxK72+
q2fr+EsAASNiZeTr9CMeYSwBwyL/zEjURn8Nh377QBOgzo6ryv6142PtjXsI628k
B3H+ctaTeuKo3UZMUHcDUDzLBqkAf582zac3DzXX8Ql5TCAaNpqHkHYNgTH9ABEB
AAG0H1RvbSB2YW4gUGVlciA8dG9tbXlAa25vd2FyZS5ubD6JAJUCBRAwnljymoeQ
dg2BMf0BAXxyA/0a5ftGvfx1LDIIfl4doy+PPl6cNmQ0WFgyt05FbiVfSpmojDEC
H6peGSY5XNf9Z2Yw1DF7RHuXgTRS+Y5B6nsfoC23Qj4aMLzxkj9jr3iwTJFnT9Yf
4966UBSiclpqIG9fzcK1z9xkZS0vkLpSIpgthPnMbmrhZYclAUt2kp+SqQ==
=TUMI
-----END PGP PUBLIC KEY BLOCK-----