Closed twoodcock closed 10 months ago
Oh wow, that's not good! Thanks for pointing this out. It looks like the permissions on those files were changed by 65ea4d8f3cd44a6a123267fdd434faecbf9a374f by @georgestagg. I bet he was on Windows.
The chmod 770
instructions are just carelessness on my part; you're completely right that it's too much. I've gone with your suggestion - it's more readable than the digit form, apart from anything else.
File this under "house keeping". To quote one of my co-workers, if this is exploitable, you have bigger problems.
Why are 3 random files executable? I have v3_stable checked out.
These files are executable: ./numbas_lti/templates/numbas_lti/management/resource_remark_iframe.html ./numbas_lti/static/resource_remark_iframe.js ./numbas_lti/views/resource.py
It is also troubling that the ubuntu installation instructions tell you to make files executable.
chmod 770
. The line in particular ischmod -R 770 /opt/numbas_lti_python
, run after populating the python virtual environment with files. (The other ones are right after directory creation, leaving the-R
off would make no difference.)Instead of
chmod 770
I recommendchmod u+rwX
andchmod g+rwX
,X
meaning set directories as executable (so the user can read inside), leave all other files alone.