Thu, 08/24/2006 - 19:35
Forums:
Hello All,
I've installed OCC 6.1 using the java installer on a Gentoo system. Having a quick look around the the files in /opt/OpenCASCADE6.1.0, I've noticed that all files are world WRITABLE and have world EXECUTE permission. I hope this is an aberation on my system. This is a clear security concern. Can somebody else please check their system?
Thanks,
Arthur
Thu, 08/24/2006 - 20:27
Hmm, here too. That's nasty, especially if installed as root.
Debian Sid
Thu, 08/24/2006 - 21:20
That's exactly what I did. I'm assuming we have to run the installer as root to get write access to /opt, but maybe that's not the case?
Thu, 08/24/2006 - 23:03
It would be possible to create a directory in /opt, where a normal user can write. But then all the files would belong to that user and would also be world-writable. Thats ugly too.
I have used find to set all files to 644, directories to 755 and changed the few things, that must be excecutable manually to 755. It was about 5min of work, but it would be definetly better if the installer sets it right on its own.
The actual installer seems to be security nightmare. :-(
Fri, 08/25/2006 - 00:38
Yes, individual users in /opt is best avoided. This should certainly be fixed in the installer. I wasn't very keen to run it as root (compared to a good old 'make install'), but couldn't figure out how to build without it.
I fixed using chmod -R and manually tweaking those that should be executable.
Have you installed Salome? From the package I'm guessing it does the same thing, but haven't managed to install it yet.
Fri, 08/25/2006 - 00:49
No, i don't use salomone.
I will take look at a windows install of OCC tomorrow. I'm very curios about the rights and owners of the installation there.
Fri, 08/25/2006 - 12:37
Well, as far as i can see, the permission in windows seems right, but i must say, that i look _very_ rarely into anything in windows...
Fri, 08/25/2006 - 19:16
You're ahead of me. I didn't realise Windows had a real permissions system ;-)