Say that I have in my OS many files with executable permissions, even they are not needed this permission (like .jpg or .txt) - What are the security risks of having that? The system will be less secure hacking wise?
Thanks
Asked
Active
Viewed 1,674 times
1
-
1What would be the reason not to just fix the permissions and not wonder? – John Zwinck Apr 27 '16 at 10:28
-
Why would he go through all his files to fix permissions if it does not pose a security thread? And why is it a problem if he wants to learn the background of these security threads? – arne.z Apr 27 '16 at 10:39
-
I will fix that for the files that I know about, but i still wonder what is the motivation to fix it :) – Noam Apr 27 '16 at 10:41
-
This question is more general computing than programming-related and is [off-topic](http://stackoverflow.com/help/on-topic) for Stack Overflow. [Super User](http://superuser.com/) would be a more appropriate site for this question. – Anthony Geoghegan Apr 27 '16 at 10:58
-
@Anthony certainly not. This is essential knowledge for working with web servers and configuring sites. – Pekka Apr 27 '16 at 13:13
-
It is good practice not to give executable permissions to files that doesn't need it and is known as the [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) principle. You never know what will new exploits be able to do, what is considered secure today could be dangerous tomorrow. – Jeff Bencteux Apr 27 '16 at 15:20
1 Answers
1
My first thoughts from a security perspective would be..
Having executable permissions on files that should not have them exposes your machine to risks like execution of commands through vulnerabilities such as null byte injection on web servers.
With something like injection attacks the attacker has limited file system access only to files he has permissions to. This includes most file inclusion vulnerabilities which in the end leads to complete system breach when the attacker has the 'everyone' privileges set as executable.
Dusty Boshoff
- 1,016
- 14
- 39