#13579: test_executable security risk
---------------------------------------------------------------+------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: needs_work
Priority: blocker | Milestone: sage-5.4
Component: doctest | Resolution:
Keywords: | Work issues:
Report Upstream: Not yet reported upstream; Will do shortly. | Reviewers: Volker Braun, Jeroen Demeyer
Authors: Jeroen Demeyer, Volker Braun | Merged in:
Dependencies: | Stopgaps:
---------------------------------------------------------------+------------
Comment (by nbruin):
Replying to [comment:38 vbraun]:
> IMHO it would be enough to check that parent dir is not o+w, anything
> else might actually be intentional (e.g. you might have set up a special
> group so you can collaborate on a Python program).

Even that may be intentional. Many Linux distributions by default make a
separate group for each individual. On a machine where you trust every
account, `o+w` would not necessarily indicate a security hole.

That being said, I think the proposed patch provides an acceptable
workaround and I don't have any better ideas.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:40>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
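
The parent-directory check discussed in this comment, as an added example that is not part of the ticket or its patch: it refuses a program whose directory is `o+w`, leaves `g+w` alone, and takes a hypothetical `trust_all_accounts` switch for a machine where every account is trusted. The function names and the sample directories are constructed for illustration.

```python
import os
import stat
import tempfile


def parent_dir_write_access(path):
    """Report who besides the owner may write to the directory holding path."""
    # Resolve symlinks first so the directory inspected is the real one.
    parent = os.path.dirname(os.path.realpath(path))
    mode = os.stat(parent).st_mode
    return {
        "dir": parent,
        "group": bool(mode & stat.S_IWGRP),
        "other": bool(mode & stat.S_IWOTH),
    }


def safe_to_run(path, trust_all_accounts=False):
    """Refuse only when the parent directory is o+w.

    g+w is accepted, since a shared group may be intentional.
    trust_all_accounts (hypothetical switch) accepts o+w as well.
    """
    access = parent_dir_write_access(path)
    if access["other"] and not trust_all_accounts:
        return False
    return True


def demo():
    """Run the check against three constructed directories."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        cases = (("private", 0o755), ("shared_group", 0o775), ("open", 0o777))
        for name, mode in cases:
            d = os.path.join(root, name)
            os.mkdir(d)
            os.chmod(d, mode)  # explicit chmod, so the umask does not matter
            script = os.path.join(d, "prog.py")
            open(script, "w").close()
            results[name] = safe_to_run(script)
        # Same o+w directory, but on a machine where all accounts are trusted.
        results["open_trusted"] = safe_to_run(script, trust_all_accounts=True)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, "run" if ok else "refuse")
```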