ability to source `.activate.sh` even if writeable by group ("Cowardly refusing to source .activate.sh because writeable by others")
Closed this issue · 2 comments
FelixSchwarz commented
Currently aactivator will not source any script that is "writeable by others":
Line 81 in 6a6ac54
In my case the files are just writeable by me and group members but not "others". While I can see that you really want to have tight restrictions in some places, I'm willing to accept group writeable files and directories.
It would be nice if there was an option to loosen the restriction a bit.
asottile commented
group members are "others" -- it would allow any group member to perform arbitrary code execution
asottile commented
you're free to run an insecure fork but we will not be loosening the security of this tool