ruimarinho / bitcoin-core

A modern Bitcoin Core REST and RPC client.

File should not be executable #91

Open justinmeiners opened 5 years ago

justinmeiners commented 5 years ago

The following files are executable and I don't believe they need to be:

/dist/src/errors/rpc-error.js
r/src/methods.js

To fix:

chmod -x rpc-error.js
chmod -x methods.js

sskender commented 3 years ago

Those are not all the files, there are many more that are executable for some reason. I am not sure why. None of those files has a shebang header to make sense.

justinmeiners commented 3 years ago

Indeed. It's little, but basic, mistakes that make me concerned about the security of this project.

ruimarinho commented 3 years ago

@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?

justinmeiners commented 3 years ago

> pull requests are open

I am no longer doing work related to this. This issue was filed more than a year ago. I log many issues such as this in various projects in the hope that this information helps you. If it doesn't, feel free to ignore and close.

> Are you able to demonstrate an attack

I haven't thought about it. As I mentioned, this is indicative, not a specific vulnerability or error.

sskender commented 3 years ago

> @justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?

I have just created a PR so feel free to audit it.
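
An added example, not part of the thread or the project's code: a shell audit for the condition the comments above describe, files that carry an execute bit but have no shebang line. It generalizes the two `chmod -x` commands to a whole tree; the function names, the default `*.js` pattern and the `./dist` path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a package tree for files that are marked
# executable but do not start with a shebang ("#!").
# Function names and the default pattern are illustrative assumptions.

# has_shebang FILE
# Succeeds when the first two bytes of FILE are "#!" (hex 23 21).
# Comparing hex avoids problems with NUL bytes in binary files.
has_shebang() {
    [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "2321" ]
}

# list_exec_without_shebang DIR [PATTERN]
# Prints every regular file under DIR whose name matches PATTERN
# (default: *.js), has an execute bit set for user, group or other,
# and has no shebang line.
list_exec_without_shebang() {
    dir=$1
    pattern=${2:-*.js}
    find "$dir" -type f -name "$pattern" \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
    while IFS= read -r f; do
        has_shebang "$f" || printf '%s\n' "$f"
    done
}

# strip_exec_bits DIR [PATTERN]
# Clears the execute bits on exactly the files the audit reports.
# Scripts that do have a shebang (real CLI entry points) keep theirs.
strip_exec_bits() {
    list_exec_without_shebang "$@" |
    while IFS= read -r f; do
        chmod a-x "$f"
    done
}

# Usage (assumed path):
#   list_exec_without_shebang ./dist     # report only
#   strip_exec_bits ./dist               # fix in place
```

Run the report before publishing a package and again on the unpacked tarball, since file modes are recorded in the archive and can differ from the working tree.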