The native lua library downloads and installs with dangerously broad world read write and execute permissions. It exposes the running user to compromising:
ls -l OpenComputersMod*
-rwxrwxrwx 1 lea lea 851843 juin 9 23:54 OpenComputersMod-1.7.4.153-lua53-native.64.so
The permissions should be octal 0750
User: read, write, execute
Group: read, execute
Others: nothing
So this instead:
chmod 0750 OpenComputersMod-1.7.4.153-lua53-native.64.so
ls -l OpenComputersMod*
-rwxr-x--- 1 lea lea 851843 juin 9 23:54 OpenComputersMod-1.7.4.153-lua53-native.64.so
I see no additional risk by leaving this file in rwx mode. If the mc server folder itself is accessible, then an exploit is already wide open.
If you are running on a multi-user system, and other users are untrusted (AND they have access to your personal files, such as mc server files), then you have other problems already and any exploits they could execute are possible with or without this change. This file's permissions add no additional vulnerability.
Sure, a native binary executable payload is downloaded from the wild internet and it has world write and execute permission... What could go wrong ?!
I mean, you're already downloading it from the Internet...Â
a few things to consider
Most helpful comment
I see no additional risk by leaving this file in rwx mode. If the mc server folder itself is accessible, then an exploit is already wide open.
If you are running on a multi-user system, and other users are untrusted (AND they have access to your personal files, such as mc server files), then you have other problems already and any exploits they could execute are possible with or without this change. This file's permissions add no additional vulnerability.