workbench icon indicating copy to clipboard operation
workbench copied to clipboard

Published 20 hours ago verified publisher icon Washington-University

workbench-linux64-v1.5.0.zip has too-generous permissions for files and directories

Open gdevenyi opened this issue 3 years ago • 3 comments

Permissions across all files and directories in the zipfile are u=rwx,g=rwx,o=rwx. This is bad if this package is unpacked by an admin intending to install into a privileged location, as any user can write to the directories, and modify or delete files.

In addition, non-executable files should not be +x.

gdevenyi avatar Nov 15 '21 01:11 gdevenyi

Thanks for bringing this up. The permissions should be improved in the next release.

coalsont avatar Nov 15 '21 21:11 coalsont

2 years later and I'm back because I went install workbench on another computer found the bug, and decided to report it. Turns out I already did 🤷🏻

gdevenyi avatar Dec 16 '23 18:12 gdevenyi

We didn't change the permissions in the existing release zip, but we did change it on the folders that get zipped to make them. It has been longer than expected for us to put out a new release since then.

coalsont avatar Dec 18 '23 23:12 coalsont