stop using execute file permissions under linux

Edit Subject

this leads (is leading) to exploits

2 people have
this problem +1

Solved

CHAMP

0

Edit

Delete

Remove

Official

Fork

Alexei October 11, 2011 18:51

Hi Galen,

Which version of Ghostery are you referring to? Which files?

Comment

good solution! good solution! (undo)
- Cancel
Edit Your Reply (some HTML allowed)
Has the status changed?

Hi Galen, Which version of Ghostery are you referring to? Which files?

How does this make you feel? Add Image

I'm
e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated
Cancel
CHAMP

1

Edit

Delete

Remove

Official

Fork

Eric P. Scott October 11, 2011 22:54
In Ghostery 2.6.0.1 for Firefox, take a look at getOrCreateFile in chrome://ghostery/content/ghostery-common.js
```
			var type = isDirectory ? Components.interfaces.nsIFile.DIRECTORY_TYPE : Components.interfaces.nsIFile.NORMAL_FILE_TYPE;

			file.create(type, 0777);
```
wants to be
```
			if (isDirectory)

				file.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0777);

			else

				file.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0666);
```
Comment

good solution! good solution! (undo)
- view -1 more comments
- Felix Shnir October 14, 2011 19:43
  
  Hey Eric, any particular reason why applying 666 to both levels wont work?
  
  Edit
  
  Delete
  
  Remove
- Cancel
- Cancel
Edit Your Reply (some HTML allowed)
Has the status changed?

In Ghostery 2.6.0.1 for Firefox, take a look at getOrCreateFile in chrome://ghostery/content/ghostery-common.js <pre> var type = isDirectory ? Components.interfaces.nsIFile.DIRECTORY_TYPE : Components.interfaces.nsIFile.NORMAL_FILE_TYPE; file.create(type, 0777);</pre> wants to be <pre> if (isDirectory) file.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0777); else file.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0666);</pre>

How does this make you feel? Add Image

I'm
e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated
Cancel
CHAMP

0

Edit

Delete

Remove

Official

Fork

Felix Shnir October 12, 2011 19:12

Hi Galen, thanks for using Ghostery.

I'll see about updating this for the next release. Have you seen a case of abuse of this particular vulnerability yet?

Comment

good solution! good solution! (undo)
- Cancel
Edit Your Reply (some HTML allowed)
Has the status changed?

Hi Galen, thanks for using Ghostery. I'll see about updating this for the next release. Have you seen a case of abuse of this particular vulnerability yet?

How does this make you feel? Add Image

I'm
e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated
Cancel