YunoHost-Apps / etherpad_ynh

Etherpad-Lite package for YunoHost
http://etherpad.org/
GNU General Public License v3.0
2 stars 2 forks source link

Files/Folders with 0777 file permission #11

Closed tio-trom closed 3 years ago

tio-trom commented 3 years ago
/var/www/etherpad_mypads__2/node_modules/aws-sdk/node_modules/.bin/uuid
/var/www/etherpad_mypads__2/node_modules/.bin/ldapjs-modify
/var/www/etherpad_mypads__2/node_modules/.bin/ldapjs-compare
/var/www/etherpad_mypads__2/node_modules/.bin/uuid
/var/www/etherpad_mypads__2/node_modules/.bin/sshpk-conv
/var/www/etherpad_mypads__2/node_modules/.bin/ldapjs-add
/var/www/etherpad_mypads__2/node_modules/.bin/sshpk-verify
/var/www/etherpad_mypads__2/node_modules/.bin/ncp
/var/www/etherpad_mypads__2/node_modules/.bin/ldapjs-delete
/var/www/etherpad_mypads__2/node_modules/.bin/xml2js
/var/www/etherpad_mypads__2/node_modules/.bin/mkdirp
/var/www/etherpad_mypads__2/node_modules/.bin/bunyan
/var/www/etherpad_mypads__2/node_modules/.bin/semver
/var/www/etherpad_mypads__2/node_modules/.bin/rimraf
/var/www/etherpad_mypads__2/node_modules/.bin/follow
/var/www/etherpad_mypads__2/node_modules/.bin/sshpk-sign
/var/www/etherpad_mypads__2/node_modules/.bin/ldapjs-search
/var/www/etherpad_mypads__2/node_modules/.bin/json-beautify
/var/www/etherpad_mypads__2/node_modules/.bin/showdown
/var/www/etherpad_mypads__2/node_modules/ep_etherpad-lite
/var/www/etherpad_mypads__2/src/node_modules/spawn-wrap/node_modules/.bin/node-which
/var/www/etherpad_mypads__2/src/node_modules/cross-spawn/node_modules/.bin/node-which
/var/www/etherpad_mypads__2/src/node_modules/istanbul-lib-instrument/node_modules/.bin/semver
/var/www/etherpad_mypads__2/src/node_modules/pg/node_modules/.bin/semver
/var/www/etherpad_mypads__2/src/node_modules/.bin/npx
/var/www/etherpad_mypads__2/src/node_modules/.bin/z-schema
/var/www/etherpad_mypads__2/src/node_modules/.bin/uglifyjs
/var/www/etherpad_mypads__2/src/node_modules/.bin/wd
/var/www/etherpad_mypads__2/src/node_modules/.bin/json5
/var/www/etherpad_mypads__2/src/node_modules/.bin/uuid
/var/www/etherpad_mypads__2/src/node_modules/.bin/sshpk-conv
/var/www/etherpad_mypads__2/src/node_modules/.bin/js-yaml
/var/www/etherpad_mypads__2/src/node_modules/.bin/he
/var/www/etherpad_mypads__2/src/node_modules/.bin/sshpk-verify
/var/www/etherpad_mypads__2/src/node_modules/.bin/flat
/var/www/etherpad_mypads__2/src/node_modules/.bin/jsesc
/var/www/etherpad_mypads__2/src/node_modules/.bin/mkdirp
/var/www/etherpad_mypads__2/src/node_modules/.bin/semver
/var/www/etherpad_mypads__2/src/node_modules/.bin/nyc
/var/www/etherpad_mypads__2/src/node_modules/.bin/mime
/var/www/etherpad_mypads__2/src/node_modules/.bin/which
/var/www/etherpad_mypads__2/src/node_modules/.bin/rimraf
/var/www/etherpad_mypads__2/src/node_modules/.bin/_mocha
/var/www/etherpad_mypads__2/src/node_modules/.bin/parser
/var/www/etherpad_mypads__2/src/node_modules/.bin/npm
/var/www/etherpad_mypads__2/src/node_modules/.bin/follow
/var/www/etherpad_mypads__2/src/node_modules/.bin/sshpk-sign
/var/www/etherpad_mypads__2/src/node_modules/.bin/esparse
/var/www/etherpad_mypads__2/src/node_modules/.bin/mocha
/var/www/etherpad_mypads__2/src/node_modules/.bin/esvalidate
/var/www/etherpad_mypads__2/src/node_modules/node-environment-flags/node_modules/.bin/semver
/var/www/etherpad_mypads__2/src/node_modules/make-dir/node_modules/.bin/semver
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/nopt
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/errno
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/uuid
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/sshpk-conv
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/sshpk-verify
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/JSONStream
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/is-ci
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/mkdirp
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/opener
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/node-gyp
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/qrcode-terminal
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/semver
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/which
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/rimraf
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/sshpk-sign
/var/www/etherpad_mypads__2/src/node_modules/npm/node_modules/.bin/rc
/var/www/etherpad_mypads__2/src/node_modules/log4js/node_modules/.bin/semver

I am reporting many of these for many YNH apps. I'd want to know if there is a reason why so many files and folders have this very non-secure permission. I could change the permissions but am not sure if I would break these apps.

ericgaspar commented 3 years ago

Thanks for reporting! You should try to change the permissions and report if that breaks the app. Also, you may be in the wrong repo as this one is etherpad_ynh and not etherpad_mypads