Re: [Assp-test] fixes in assp 2.5.6 build 17036

Sun, 05 Feb 2017 23:25:10 -0800 

One question Doug,

There is a difference beween what assp requires to run and what seem to be 
fine for admins .
Some implementations are using external (r/w) access to files and folders 
- so I think, giving the group the same rights like the owner seems to be 
OK - however, this is not really required by assp. 

        required        my sugg.        admins like
folders 0700            0770            0777 or 0775
files   0600            0660            0660 or 0666
exec's  0700            0760            0770 or 0750 or 755 or 775 or 0777

Is it OK to remove the public access for all assp components? 
Or would it be better to leave the mask untouched, if the existing rights 
are more weak than required.


Thomas



Von:    Doug Lytle <supp...@drdos.info>
An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum:  05.02.2017 16:00
Betreff:        Re: [Assp-test] fixes in assp 2.5.6 build 17036



On 02/05/2017 09:50 AM, Thomas Eckardt wrote:
> At the end - is this really a problem?

Yes; non-executable file type should not have it's execute bit set. 
Scripts and programs, yes, but not the .bak nor .txt or even the .db

Code accidentally or maliciously being entered would run.

Just my opinion,

Doug


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to