Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File should not be exectuable #91

Open
justinmeiners opened this issue May 9, 2019 · 5 comments
Open

File should not be exectuable #91

justinmeiners opened this issue May 9, 2019 · 5 comments

Comments

@justinmeiners
Copy link

justinmeiners commented May 9, 2019
edited
Loading

The following files are executable and I don't believe they need is

/dist/src/errors/rpc-error.js
r/src/methods.js

To fix:

chmod -x  rpc-error.js
chmod -x  methods.js
@sskender
Copy link
Contributor

sskender commented Sep 16, 2020
edited
Loading

Those are not all the files, there are many more that are executable for some reason. I am not sure why. None of those files has a shebang header to make sense.

sskender added a commit to sskender/bitcoin-core that referenced this issue Sep 16, 2020
@sskender
ruimarinho/bitcoin-core/ruimarinho#91 Removed unnecessary executable …
38c172d 
…permission on js files
@justinmeiners
Copy link
Author

indeed. It's little, but basic, mistakes that make me concerned about the security of this project.

@ruimarinho
Copy link
Owner

@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?

@justinmeiners
Copy link
Author

justinmeiners commented Sep 16, 2020
edited
Loading

pull requests are open

I am no longer doing work related to this. This issue was filed more than a year ago.
I log many issues such as this in various projects in the hope that this information helps you.
If it doesn't, feel free to ignore and close.

Are you able to demonstrate an attack

I haven't thought about it. As I mentioned, this is indicative, not a specific vulnerability or error.

@sskender
Copy link
Contributor

@justinmeiners pull requests are open so you contribute to the security of this module by submitting patches - I'd appreciate that. Are you able to demonstrate an attack based on having these files as executables?

I have just created a PR so feel free to audit it.

pedrobranco pushed a commit to sskender/bitcoin-core that referenced this issue Jul 21, 2022
@sskender @pedrobranco
ruimarinho/bitcoin-core/ruimarinho#91 Removed unnecessary executable …
4a0f750 
…permission on js files
pedrobranco pushed a commit that referenced this issue Jul 21, 2022
@sskender @pedrobranco
ruimarinho/bitcoin-core/#91 Removed unnecessary executable permission…
3f91635 
… on js files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ruimarinho @justinmeiners @sskender