Hi,

Garith Dugmore wrote on 18.12.2006 at 23:38:34 [Re: [BackupPC-users] Rsync and Public Keys]:
> You'll find rpms in there as well as this script:
>
> [...]
> which I just throw in /usr/local/bin and chmod 777 it.

I can't think of *any* valid reason for having files that are both world-writable and executable, much less anything as trivial to modify as a script. There should be code in the kernel preventing such a setting :-). Since there isn't, you have to avoid such mistakes on your own.

If octal file modes seem cryptic, use symbolic modes ('man chmod'). Examples:

    'chmod a=rx myscript'
        (read and execute permission for all, aka 555)
    'chmod u=rwx,go=rx myscript'
        (read, write and execute for the owner ("user"), read and
        execute for group and others, aka 755)
    'chmod u-w myscript'
        (take away owner write permission, leave the rest as it is)
    'chmod go=u,go-w'
        (copy permissions from owner to group and others, then take
        away write permission from group and others, very handy for
        recursive chmods ("-R"))

Writable scripts are an invitation for *anyone* with access to the system (intended or through a bug or misconfiguration) to hide something nasty in them, and I wouldn't count on it being as harmless as 'rm -rf /'. A script for generating ssh keys rather suggests something like mailing the keys somewhere (and maybe the passwords you enter too). Trust me, you don't want to risk something like that, even if it's only a remote possibility.

Regards,
Holger

_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
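
An added example, not part of the message above or of BackupPC: a POSIX shell audit for the condition the message warns about (files that are both world-writable and executable), with a repair step that uses the symbolic mode go-w. The function names find_ww_exec and fix_ww_exec are made up for this example.

```sh
#!/bin/sh
# Added example: audit a directory tree for files that are both
# world-writable and executable, and optionally repair them.
# find_ww_exec and fix_ww_exec are hypothetical helper names.

# Print every regular file under $1 that others may write to (o+w)
# and that at least one of user/group/others may execute.
# Only POSIX find primaries are used: "-perm -MODE" matches when
# all bits in MODE are set.
find_ww_exec() {
    find "$1" -type f -perm -0002 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print | sort
}

# Take write permission away from group and others on the files
# matched above. A symbolic mode leaves every other bit untouched,
# so 777 becomes 755 and the script stays runnable.
fix_ww_exec() {
    find "$1" -type f -perm -0002 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod go-w {} +
}

# When called with a directory argument, report only; fixing is a
# separate, deliberate step.
if [ "$#" -gt 0 ]; then
    find_ww_exec "$1"
fi
```

Run it as 'sh audit.sh /usr/local/bin' (audit.sh being whatever name the file is saved under) to list offenders; call fix_ww_exec only after reviewing that list, since a file that was world-writable may already have been modified.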