Open justinmeiners opened 5 years ago
Those are not all the files, there are many more that are executable for some reason. I am not sure why. None of those files has a shebang header to make sense.
indeed. It's little, but basic, mistakes that make me concerned about the security of this project.
@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?
pull requests are open
I am no longer doing work related to this. This issue was filed more than a year ago. I log many issues such as this in various projects in the hope that this information helps you. If it doesn't, feel free to ignore and close.
Are you able to demonstrate an attack
I haven't thought about it. As I mentioned, this is indicative, not a specific vulnerability or error.
@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?
I have just created a PR so feel free to audit it.
The following files are executable and I don't believe they need is
To fix: