Re: texinfo 5.2 dist creates directories that are 777
() Norbert Preining () Sun, 17 Nov 2013 08:44:43 +0900 > So -p is more than just "preserve modification time"?!? At least on my GNU tar ... -p, --preserve-permissions, --same-permissions extract information about file permissions (default for superuser) ;-) > That's a new one on me. One never stops learning. Indeed! Perhaps OP got confused by ‘cp -p’, which has similar but not identical meaning. I use that sometimes for hand-rolled (Automake-less) "make dist" target (prep phase). I was ignorant of ‘tar -p’ until just now. -- Thien-Thi Nguyen GPG key: 4C807502 (if you're human and you know it) read my lisp: (responsep (questions 'technical) (not (via 'mailing-list))) => nil pgpmaR7v7n7qC.pgp Description: PGP signature
Re: texinfo 5.2 dist creates directories that are 777
such unreasonably permissive file modes. I don't feel terribly strongly about it, but I disagree with "unreasonably". Anyway, I don't think I am doing anything to explicitly change the permissions (any more), just taking whatever Automake does. is how came that the upload script accepted it. Well, Sergey, you have easier access to the upload script (on puszca) than anyone else, since the version from the FSF is never up to date. As I recall, the checks were done by grepping the Makefile.in for various strings, not by directly looking at permissions. Looking at the Makefile.in (generated with automake 1.14), I see a lot of chmod's in the dist targets, including as part of complicated find expressions, etc., but cannot untangle it all now. Maybe someone who feels more strongly about it would like to spend that time. I don't think it has anything to with Texinfo specifically. Related entries I see in Automake NEWS: .. Bugs fixed in 1.12.2: - The 'distcheck' recipe no longer grants temporary world-write permissions on the extracted distdir. Even if such rights were only granted for a vanishingly small time window, the implied race condition proved to be enough to allow a local attacker to run arbitrary code with the privileges of the user running "make distcheck". This is CVE-2012-3386. .. Bugs fixed in 1.11.1: - The distribution is tarred up with mode 755 now by the `dist*' targets. This fixes a race condition where untrusted users could modify files in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel build directory was world-searchable. This is CVE-2009-4029. karl
Re: texinfo 5.2 dist creates directories that are 777
> So -p is more than just "preserve modification time"?!? At least on my GNU tar ... -p, --preserve-permissions, --same-permissions extract information about file permissions (default for superuser) ;-) > That's a new one on me. One never stops learning. Norbert PREINING, Norbert http://www.preining.info JAIST, Japan TeX Live & Debian Developer DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
Re: texinfo 5.2 dist creates directories that are 777
arn...@skeeve.com writes: >> Aharon Robbins writes: >> >> > Something's messed up somewhere. Ubuntu 12.04: >> > >> >$ umask 022 >> >$ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz > > Andreas Schwab wrote: >> You explicitly told tar to ignore umask. No surprise. > > So -p is more than just "preserve modification time"?!? "Preserve modification time" is the default. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
Re: texinfo 5.2 dist creates directories that are 777
> Aharon Robbins writes: > > > Something's messed up somewhere. Ubuntu 12.04: > > > > $ umask 022 > > $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz Andreas Schwab wrote: > You explicitly told tar to ignore umask. No surprise. So -p is more than just "preserve modification time"?!? That's a new one on me. OK, thanks. Arnold
Re: texinfo 5.2 dist creates directories that are 777
Andreas Schwab ha escrit: > > $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz > > You explicitly told tar to ignore umask. No surprise. No surprise, indeed. What actually surprises me is why the tarball itself contains such unreasonably permissive file modes. I guess that's what the original posting was about. Yet another question is how came that the upload script accepted it. Regards, Sergey
Re: texinfo 5.2 dist creates directories that are 777
Aharon Robbins writes: > Something's messed up somewhere. Ubuntu 12.04: > > $ umask 022 > $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz You explicitly told tar to ignore umask. No surprise. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
Re: texinfo 5.2 dist creates directories that are 777
Hi Karl. > Is it a bug or a feature that the Texinfo 5.2 tarball extracts with > directories being world writable? > > Feature. Well, at least it's intentional. > > Anyone who cares should set umask before unpacking, as usual. > Seems to me. Something's messed up somewhere. Ubuntu 12.04: $ umask 022 $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz $ ls -ld texinfo-5.2 drwxrwxrwx 15 arnold arnold 4096 Sep 27 02:06 texinfo-5.2 "Surprise, surprise, surprise!" Besides, haven't the Autconf / Automake guys been making releases that change the default permissions on directories in tar balls to avoid this? (I admit I haven't followed in close detail.) Thanks, Arnold
Re: texinfo 5.2 dist creates directories that are 777
Is it a bug or a feature that the Texinfo 5.2 tarball extracts with directories being world writable? Feature. Well, at least it's intentional. Anyone who cares should set umask before unpacking, as usual. Seems to me. karl