bitcoin-core icon indicating copy to clipboard operation
bitcoin-core copied to clipboard
verified publisher icon ruimarinho

File should not be exectuable

Open justinmeiners opened this issue 6 years ago • 5 comments

The following files are executable and I don't believe they need is

/dist/src/errors/rpc-error.js
r/src/methods.js

To fix:

chmod -x  rpc-error.js
chmod -x  methods.js

justinmeiners avatar May 09 '19 17:05 justinmeiners

Those are not all the files, there are many more that are executable for some reason. I am not sure why. None of those files has a shebang header to make sense.

sskender avatar Sep 16 '20 09:09 sskender

indeed. It's little, but basic, mistakes that make me concerned about the security of this project.

justinmeiners avatar Sep 16 '20 15:09 justinmeiners

@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?

ruimarinho avatar Sep 16 '20 16:09 ruimarinho

pull requests are open

I am no longer doing work related to this. This issue was filed more than a year ago. I log many issues such as this in various projects in the hope that this information helps you. If it doesn't, feel free to ignore and close.

Are you able to demonstrate an attack

I haven't thought about it. As I mentioned, this is indicative, not a specific vulnerability or error.

justinmeiners avatar Sep 16 '20 17:09 justinmeiners

@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?

I have just created a PR so feel free to audit it.

sskender avatar Sep 16 '20 18:09 sskender