Re: texinfo 5.2 dist creates directories that are 777
() Norbert Preining prein...@logic.at () Sun, 17 Nov 2013 08:44:43 +0900 So -p is more than just preserve modification time?!? At least on my GNU tar ... -p, --preserve-permissions, --same-permissions extract information about file permissions (default for superuser) ;-) That's a new one on me. One never stops learning. Indeed! Perhaps OP got confused by ‘cp -p’, which has similar but not identical meaning. I use that sometimes for hand-rolled (Automake-less) make dist target (prep phase). I was ignorant of ‘tar -p’ until just now. -- Thien-Thi Nguyen GPG key: 4C807502 (if you're human and you know it) read my lisp: (responsep (questions 'technical) (not (via 'mailing-list))) = nil pgpmaR7v7n7qC.pgp Description: PGP signature
Re: texinfo 5.2 dist creates directories that are 777
such unreasonably permissive file modes. I don't feel terribly strongly about it, but I disagree with unreasonably. Anyway, I don't think I am doing anything to explicitly change the permissions (any more), just taking whatever Automake does. is how came that the upload script accepted it. Well, Sergey, you have easier access to the upload script (on puszca) than anyone else, since the version from the FSF is never up to date. As I recall, the checks were done by grepping the Makefile.in for various strings, not by directly looking at permissions. Looking at the Makefile.in (generated with automake 1.14), I see a lot of chmod's in the dist targets, including as part of complicated find expressions, etc., but cannot untangle it all now. Maybe someone who feels more strongly about it would like to spend that time. I don't think it has anything to with Texinfo specifically. Related entries I see in Automake NEWS: .. Bugs fixed in 1.12.2: - The 'distcheck' recipe no longer grants temporary world-write permissions on the extracted distdir. Even if such rights were only granted for a vanishingly small time window, the implied race condition proved to be enough to allow a local attacker to run arbitrary code with the privileges of the user running make distcheck. This is CVE-2012-3386. .. Bugs fixed in 1.11.1: - The distribution is tarred up with mode 755 now by the `dist*' targets. This fixes a race condition where untrusted users could modify files in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel build directory was world-searchable. This is CVE-2009-4029. karl
Re: texinfo 5.2 dist creates directories that are 777
Aharon Robbins arn...@skeeve.com writes: Something's messed up somewhere. Ubuntu 12.04: $ umask 022 $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz Andreas Schwab sch...@linux-m68k.org wrote: You explicitly told tar to ignore umask. No surprise. So -p is more than just preserve modification time?!? That's a new one on me. OK, thanks. Arnold
Re: texinfo 5.2 dist creates directories that are 777
arn...@skeeve.com writes: Aharon Robbins arn...@skeeve.com writes: Something's messed up somewhere. Ubuntu 12.04: $ umask 022 $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz Andreas Schwab sch...@linux-m68k.org wrote: You explicitly told tar to ignore umask. No surprise. So -p is more than just preserve modification time?!? Preserve modification time is the default. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 And now for something completely different.
Re: texinfo 5.2 dist creates directories that are 777
Hi Karl. Is it a bug or a feature that the Texinfo 5.2 tarball extracts with directories being world writable? Feature. Well, at least it's intentional. Anyone who cares should set umask before unpacking, as usual. Seems to me. Something's messed up somewhere. Ubuntu 12.04: $ umask 022 $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz $ ls -ld texinfo-5.2 drwxrwxrwx 15 arnold arnold 4096 Sep 27 02:06 texinfo-5.2 Surprise, surprise, surprise! Besides, haven't the Autconf / Automake guys been making releases that change the default permissions on directories in tar balls to avoid this? (I admit I haven't followed in close detail.) Thanks, Arnold
Re: texinfo 5.2 dist creates directories that are 777
Aharon Robbins arn...@skeeve.com writes: Something's messed up somewhere. Ubuntu 12.04: $ umask 022 $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz You explicitly told tar to ignore umask. No surprise. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 And now for something completely different.
Re: texinfo 5.2 dist creates directories that are 777
Andreas Schwab sch...@linux-m68k.org ha escrit: $ tar -xpzf /usr/local/src/Gnu/texinfo-5.2.tar.gz You explicitly told tar to ignore umask. No surprise. No surprise, indeed. What actually surprises me is why the tarball itself contains such unreasonably permissive file modes. I guess that's what the original posting was about. Yet another question is how came that the upload script accepted it. Regards, Sergey
Re: texinfo 5.2 dist creates directories that are 777
Is it a bug or a feature that the Texinfo 5.2 tarball extracts with directories being world writable? Feature. Well, at least it's intentional. Anyone who cares should set umask before unpacking, as usual. Seems to me. karl
