> >> I can't find details on the file execution permission: looks like a > malicious client could just ignore it on files and execute anything that it > can read (obviously I'm just talking about single files, not directory). > > > > It's not malicious, just incorrect. Obviously you can't execute a > remote image or script unless you read it. > > By malicious I mean that the client could execute a script that it wasn't > allowed to.
if you can read the executable you can already copy it somewhere, set the execute bit, and away you go. the x bit is purely advisory. it is not a security mechanism. - erik
