Security: Possible privilege escalation due to file permissions

Libraries (*.so and .so. files) do not require the executable bit (x) to be set in Linux. Strictly speaking, it should never be set for libraries. Because libraries are not executable files in Linux, they are libraries.

So please change the file permissions of your anki files inside your anki package with the following directions:

  1. change your current directory and go into the anki folder.
  2. run the following two commands inside your anki folder to correct the permissions, you will need both of them:
find . -type f -iname *.so.* -exec chmod 644 {} \;
find . -type f -iname *.so -exec chmod 644 {} \;

This will remove the executable bit (x) of all *.so.* and *.so library files from:

-rwx------  ...


-rw-r--r--  ...
  1. You can check all permissions inside your anki directory with the command tree if the package tree is installed:
    tree -p

The only files in the anki folder that should have the executable bit set are:

  1. The anki executable
  2. shell script files like and
  3. Python script files with the *.py extension.
  4. The QtWebEngineProcess executable in ./lib/PyQt6/Qt6/libexec/QtWebEngineProcess in the anki directory

I think you’re overstating the security impact of this, but I’ve logged it on .so files are chmod +x in binary bundle · Issue #3091 · ankitects/anki · GitHub

Thank you for reporting that issue to the bug tracker.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.