chmod is broken and insecure

Bug #1021725 reported by Sergey "Shnatsel" Davidoff on 2012-07-06
This bug affects 1 person
Affects: Scratch
Status: Fix Released
Importance: Critical
Assigned to: Mario Guerriero

Bug Description

I appreciate the attempt to make some files executable on initial save, but the way it's currently implemented is really ugly. You're using a wrapper to the system() syscall instead of using the chmod() UNIX function. Besides being broken (here's what I get in the console on saving:
"chmod: missing operand after `+x'
Try `chmod --help' for more information."), it presents a potential security vulnerability.
Please use the chmod() UNIX function instead.

Changed in scratch:
milestone: none → luna-beta1
summary: - chmod is broken and ugly
+ chmod is broken and insecure
Mario Guerriero (mefrio-g) wrote :

Yeah, it is a very, very ugly implementation.

Changed in scratch:
status: New → Confirmed
xapantu (xapantu) wrote :

It doesn't need to be private...

Mario Guerriero (mefrio-g) wrote :

Yes, it can be public.

Changed in scratch:
assignee: nobody → Mario Guerriero (mefrio-g)
security vulnerability: yes → no
visibility: private → public
Changed in scratch:
status: Confirmed → Fix Committed

Setting permissions to a fixed, permissive 777 is not good enough AFAIK. By default files get 664 permissions, so what you want to set is probably 775.

Daniel Fore (danrabbit) on 2012-08-03
Changed in scratch:
status: Fix Committed → Fix Released
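
Added example, not part of the original report and not Scratch's own code: a C sketch of the approach the report asks for, changing the mode through the chmod family of calls so the file name never passes through a shell the way a system() command string does. It also follows the last comment by deriving the new mode from the current one (664 becomes 775) instead of setting a fixed 777. The helper names and the "execute wherever read is granted" policy are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy assumed for this example: grant execute to each class
 * (user/group/other) that can already read, so 0664 -> 0775 and
 * 0600 -> 0700. Read and write access are never widened, unlike 0777. */
mode_t add_exec_bits(mode_t mode)
{
    mode_t perms = mode & 07777;          /* drop the file-type bits */
    if (perms & S_IRUSR) perms |= S_IXUSR;
    if (perms & S_IRGRP) perms |= S_IXGRP;
    if (perms & S_IROTH) perms |= S_IXOTH;
    return perms;
}

/* Hypothetical helper. No shell is involved, so spaces, quotes or ';'
 * in the file name are only bytes of the path, and an empty name fails
 * in open() instead of producing "chmod: missing operand".
 * Returns 0 on success, -1 on error. */
int make_executable(const char *path)
{
    struct stat st;
    int rc = -1;
    /* Use one descriptor so fstat() and fchmod() act on the same file;
     * O_NOFOLLOW refuses a symlink in the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
        rc = fchmod(fd, add_exec_bits(st.st_mode));
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    if (make_executable(argv[1]) != 0) {
        fprintf(stderr, "cannot make %s executable\n", argv[1]);
        return 1;
    }
    return 0;
}
```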