Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

workbench-linux64-v1.5.0.zip has too-generous permissions for files and directories #58

Open
gdevenyi opened this issue Nov 15, 2021 · 3 comments
Open

workbench-linux64-v1.5.0.zip has too-generous permissions for files and directories #58

gdevenyi opened this issue Nov 15, 2021 · 3 comments

Comments

@gdevenyi
Copy link

Permissions across all files and directories in the zipfile are u=rwx,g=rwx,o=rwx. This is bad if this package is unpacked by an admin intending to install into a privileged location, as any user can write to the directories, and modify or delete files.

In addition, non-executable files should not be +x.
@coalsont
Copy link
Member

Thanks for bringing this up. The permissions should be improved in the next release.

@gdevenyi
Copy link
Author

2 years later and I'm back because I went install workbench on another computer found the bug, and decided to report it. Turns out I already did 🤷🏻

@coalsont
Copy link
Member

coalsont commented Dec 18, 2023
edited
Loading

We didn't change the permissions in the existing release zip, but we did change it on the folders that get zipped to make them. It has been longer than expected for us to put out a new release since then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coalsont @gdevenyi