Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ability to source .activate.sh even if writeable by group ("Cowardly refusing to source .activate.sh because writeable by others") #48

Closed
FelixSchwarz opened this issue Nov 4, 2023 · 2 comments
Closed

ability to source .activate.sh even if writeable by group ("Cowardly refusing to source .activate.sh because writeable by others") #48

FelixSchwarz opened this issue Nov 4, 2023 · 2 comments

Comments

@FelixSchwarz
Copy link

FelixSchwarz commented Nov 4, 2023
edited
Loading

Currently aactivator will not source any script that is "writeable by others":

aactivator/aactivator.py

Line 81 in 6a6ac54

elif pathstat & (stat.S_IWGRP | stat.S_IWOTH):

In my case the files are just writeable by me and group members but not "others". While I can see that you really want to have tight restrictions in some places, I'm willing to accept group writeable files and directories.

It would be nice if there was an option to loosen the restriction a bit.
@asottile
Copy link
Collaborator

asottile commented Nov 4, 2023

group members are "others" -- it would allow any group member to perform arbitrary code execution

@asottile asottile closed this as completed Nov 4, 2023
@asottile
Copy link
Collaborator

asottile commented Nov 4, 2023

you're free to run an insecure fork but we will not be loosening the security of this tool

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FelixSchwarz @asottile