J. Lewis Muir created SERF-181: ---------------------------------- Summary: Source tarball file modes are group- and world-writable Key: SERF-181 URL: https://issues.apache.org/jira/browse/SERF-181 Project: serf Issue Type: Bug Affects Versions: serf-1.3.9 Reporter: J. Lewis Muir Priority: Minor
The modes of the files in the serf-1.3.9.tar.bz2 source tarball are all group- and world-writable. This is problematic if the tarball is extracted as root since many tar implementations will preserve the file modes even without the {{-p}} option, thus creating files that are group- and world-writable. It would be better if the file modes were not group- and world-writable in the tarball. {noformat} % tar tjvf serf-1.3.9.tar.bz2 drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/ -rw-rw-rw- 0 bert bert 14372 Aug 29 2016 serf-1.3.9/CHANGES -rw-rw-rw- 0 bert bert 11357 Aug 26 2007 serf-1.3.9/LICENSE -rw-rw-rw- 0 bert bert 287 Sep 17 2015 serf-1.3.9/NOTICE -rw-rw-rw- 0 bert bert 2842 Sep 17 2015 serf-1.3.9/README -rw-rw-rw- 0 bert bert 17388 Sep 17 2015 serf-1.3.9/SConstruct -rw-rw-rw- 0 bert bert 520 Oct 17 2015 serf-1.3.9/STATUS drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/auth/ -rw-rw-rw- 0 bert bert 16390 Sep 17 2015 serf-1.3.9/auth/auth.c -rw-rw-rw- 0 bert bert 6570 Sep 17 2015 serf-1.3.9/auth/auth.h -rw-rw-rw- 0 bert bert 6020 Sep 17 2015 serf-1.3.9/auth/auth_basic.c -rw-rw-rw- 0 bert bert 17883 Sep 17 2015 serf-1.3.9/auth/auth_digest.c -rw-rw-rw- 0 bert bert 23808 Sep 17 2015 serf-1.3.9/auth/auth_spnego.c -rw-rw-rw- 0 bert bert 4133 Sep 17 2015 serf-1.3.9/auth/auth_spnego.h -rw-rw-rw- 0 bert bert 8096 Sep 17 2015 serf-1.3.9/auth/auth_spnego_gss.c -rw-rw-rw- 0 bert bert 9296 Sep 17 2015 serf-1.3.9/auth/auth_spnego_sspi.c drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/buckets/ -rw-rw-rw- 0 bert bert 14119 Sep 17 2015 serf-1.3.9/buckets/aggregate_buckets.c -rw-rw-rw- 0 bert bert 12238 Sep 17 2015 serf-1.3.9/buckets/allocator.c -rw-rw-rw- 0 bert bert 3371 Sep 17 2015 serf-1.3.9/buckets/barrier_buckets.c -rw-rw-rw- 0 bert bert 18434 Sep 17 2015 serf-1.3.9/buckets/buckets.c -rw-rw-rw- 0 bert bert 17625 Sep 17 2015 serf-1.3.9/buckets/bwtp_buckets.c -rw-rw-rw- 0 bert bert 7227 Sep 17 2015 serf-1.3.9/buckets/chunk_buckets.c -rw-rw-rw- 0 bert bert 6547 Sep 17 2015 serf-1.3.9/buckets/dechunk_buckets.c -rw-rw-rw- 0 bert bert 14904 Sep 17 2015 serf-1.3.9/buckets/deflate_buckets.c -rw-rw-rw- 0 bert bert 3939 Sep 17 2015 serf-1.3.9/buckets/file_buckets.c -rw-rw-rw- 0 bert bert 13282 Sep 17 2015 serf-1.3.9/buckets/headers_buckets.c -rw-rw-rw- 0 bert bert 5250 Sep 17 2015 serf-1.3.9/buckets/iovec_buckets.c -rw-rw-rw- 0 bert bert 3798 Sep 17 2015 serf-1.3.9/buckets/limit_buckets.c -rw-rw-rw- 0 bert bert 3900 Sep 17 2015 serf-1.3.9/buckets/mmap_buckets.c -rw-rw-rw- 0 bert bert 7747 Sep 17 2015 serf-1.3.9/buckets/request_buckets.c -rw-rw-rw- 0 bert bert 4223 Sep 17 2015 serf-1.3.9/buckets/response_body_buckets.c -rw-rw-rw- 0 bert bert 16027 Sep 17 2015 serf-1.3.9/buckets/response_buckets.c -rw-rw-rw- 0 bert bert 4686 Sep 17 2015 serf-1.3.9/buckets/simple_buckets.c -rw-rw-rw- 0 bert bert 3957 Sep 17 2015 serf-1.3.9/buckets/socket_buckets.c -rw-rw-rw- 0 bert bert 60398 Jun 30 2016 serf-1.3.9/buckets/ssl_buckets.c drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/build/ -rwxrwxrwx 0 bert bert 2206 Sep 17 2015 serf-1.3.9/build/check.py -rwxrwxrwx 0 bert bert 2694 Sep 17 2015 serf-1.3.9/build/gen_def.py -rw-rw-rw- 0 bert bert 318 Oct 4 2013 serf-1.3.9/build/serf.pc.in -rw-rw-rw- 0 bert bert 11892 Oct 17 2015 serf-1.3.9/context.c -rw-rw-rw- 0 bert bert 5880 Aug 26 2007 serf-1.3.9/design-guide.txt -rw-rw-rw- 0 bert bert 4380 Sep 17 2015 serf-1.3.9/incoming.c -rw-rw-rw- 0 bert bert 58625 Oct 17 2015 serf-1.3.9/outgoing.c -rw-rw-rw- 0 bert bert 39346 Sep 17 2015 serf-1.3.9/serf.h -rw-rw-rw- 0 bert bert 21225 Sep 17 2015 serf-1.3.9/serf_bucket_types.h -rw-rw-rw- 0 bert bert 8787 Sep 17 2015 serf-1.3.9/serf_bucket_util.h -rw-rw-rw- 0 bert bert 15934 Sep 17 2015 serf-1.3.9/serf_private.h -rw-rw-rw- 0 bert bert 7291 Sep 17 2015 serf-1.3.9/ssltunnel.c drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/test/ -rw-rw-rw- 0 bert bert 7485 Oct 12 2008 serf-1.3.9/test/CuTest-README.txt -rw-rw-rw- 0 bert bert 11273 Oct 4 2013 serf-1.3.9/test/CuTest.c -rw-rw-rw- 0 bert bert 6409 Jul 21 2013 serf-1.3.9/test/CuTest.h -rw-rw-rw- 0 bert bert 11135 Sep 17 2015 serf-1.3.9/test/mock_buckets.c -rw-rw-rw- 0 bert bert 20061 Sep 17 2015 serf-1.3.9/test/serf_bwtp.c -rw-rw-rw- 0 bert bert 21439 Sep 17 2015 serf-1.3.9/test/serf_get.c -rw-rw-rw- 0 bert bert 2521 Sep 17 2015 serf-1.3.9/test/serf_request.c -rw-rw-rw- 0 bert bert 4683 Sep 17 2015 serf-1.3.9/test/serf_response.c -rw-rw-rw- 0 bert bert 4120 Sep 17 2015 serf-1.3.9/test/serf_server.c -rw-rw-rw- 0 bert bert 25059 Sep 17 2015 serf-1.3.9/test/serf_spider.c -rw-rw-rw- 0 bert bert 3656 Mar 21 2008 serf-1.3.9/test/serftestca.pem drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/test/server/ -rw-rw-rw- 0 bert bert 1489 Jun 30 2016 serf-1.3.9/test/server/serfcacert.pem -rw-rw-rw- 0 bert bert 3677 Jun 30 2016 serf-1.3.9/test/server/serfclientcert.p12 -rw-rw-rw- 0 bert bert 1505 Jun 30 2016 serf-1.3.9/test/server/serfrootcacert.pem -rw-rw-rw- 0 bert bert 1371 Jun 30 2016 serf-1.3.9/test/server/serfserver_expired_cert.pem -rw-rw-rw- 0 bert bert 1371 Jun 30 2016 serf-1.3.9/test/server/serfserver_future_cert.pem -rw-rw-rw- 0 bert bert 1371 Jun 30 2016 serf-1.3.9/test/server/serfservercert.pem -rw-rw-rw- 0 bert bert 1834 Jun 30 2016 serf-1.3.9/test/server/serfserverkey.pem -rw-rw-rw- 0 bert bert 21996 Sep 17 2015 serf-1.3.9/test/server/test_server.c -rw-rw-rw- 0 bert bert 5259 Sep 17 2015 serf-1.3.9/test/server/test_server.h -rw-rw-rw- 0 bert bert 13854 Jun 30 2016 serf-1.3.9/test/server/test_sslserver.c -rw-rw-rw- 0 bert bert 3217 Sep 17 2015 serf-1.3.9/test/test_all.c -rw-rw-rw- 0 bert bert 23992 Sep 17 2015 serf-1.3.9/test/test_auth.c -rw-rw-rw- 0 bert bert 58829 Sep 17 2015 serf-1.3.9/test/test_buckets.c -rw-rw-rw- 0 bert bert 86012 Sep 17 2015 serf-1.3.9/test/test_context.c -rw-rw-rw- 0 bert bert 10811 Sep 17 2015 serf-1.3.9/test/test_serf.h -rw-rw-rw- 0 bert bert 10622 Sep 17 2015 serf-1.3.9/test/test_ssl.c -rw-rw-rw- 0 bert bert 21513 Sep 17 2015 serf-1.3.9/test/test_util.c drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/test/testcases/ -rw-rw-rw- 0 bert bert 258 Sep 4 2004 serf-1.3.9/test/testcases/chunked-empty.response -rw-rw-rw- 0 bert bert 131 Sep 8 2004 serf-1.3.9/test/testcases/chunked-trailers.response -rw-rw-rw- 0 bert bert 114 Sep 8 2004 serf-1.3.9/test/testcases/chunked.response -rw-rw-rw- 0 bert bert 639 Sep 8 2004 serf-1.3.9/test/testcases/deflate.response -rw-rw-rw- 0 bert bert 16 Mar 29 2005 serf-1.3.9/test/testcases/simple.request -rw-rw-rw- 0 bert bert 845 Sep 4 2004 serf-1.3.9/test/testcases/simple.response {noformat} -- This message was sent by Atlassian JIRA (v6.3.15#6346)