Security and File Permissions

Hello All,

I've installed OCC 6.1 using the java installer on a Gentoo system. Having a quick look around the the files in /opt/OpenCASCADE6.1.0, I've noticed that all files are world WRITABLE and have world EXECUTE permission. I hope this is an aberation on my system. This is a clear security concern. Can somebody else please check their system?



Jan Brüninghaus's picture

Hmm, here too. That's nasty, especially if installed as root.

Debian Sid

Arthur Magill's picture

That's exactly what I did. I'm assuming we have to run the installer as root to get write access to /opt, but maybe that's not the case?

Jan Brüninghaus's picture

It would be possible to create a directory in /opt, where a normal user can write. But then all the files would belong to that user and would also be world-writable. Thats ugly too.

I have used find to set all files to 644, directories to 755 and changed the few things, that must be excecutable manually to 755. It was about 5min of work, but it would be definetly better if the installer sets it right on its own.

The actual installer seems to be security nightmare. :-(

Arthur Magill's picture

Yes, individual users in /opt is best avoided. This should certainly be fixed in the installer. I wasn't very keen to run it as root (compared to a good old 'make install'), but couldn't figure out how to build without it.

I fixed using chmod -R and manually tweaking those that should be executable.

Have you installed Salome? From the package I'm guessing it does the same thing, but haven't managed to install it yet.

Jan Brüninghaus's picture

No, i don't use salomone.

I will take look at a windows install of OCC tomorrow. I'm very curios about the rights and owners of the installation there.

Jan Brüninghaus's picture

Well, as far as i can see, the permission in windows seems right, but i must say, that i look _very_ rarely into anything in windows...

Arthur Magill's picture

You're ahead of me. I didn't realise Windows had a real permissions system ;-)