[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: permissions from make dist

From: Ralf Wildenhues
Subject: Re: permissions from make dist
Date: Fri, 27 Feb 2009 08:27:23 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Hello Richard,

thanks for the report.

* Richard Cunningham wrote on Thu, Feb 26, 2009 at 03:32:03PM CET:
> I am finding that a number of packages come with tars with world write  
> on some the directories when unpacked (without a umask).
> I reported the issue to the lighttpd, who said:
> 'please file a bug on autotools at the gnu website. they do this on  
> purpose for some unknown reason in "make dist".'
> http://redmine.lighttpd.net/issues/1921

If any, this would be an Automake bug rather than an Autoconf one.
Adding bug-automake in Cc:.

I'm not yet sure if it needs fixing, as a sensible umask avoids security
issues at unpacking time.  Anyway, the current code is mandated by the
GNU Coding Standards, so if would need changing, too:

|    Make sure that the directory into which the distribution unpacks (as
| well as any subdirectories) are all world-writable (octal mode 777).
| This is so that old versions of `tar' which preserve the ownership and
| permissions of the files from the tar archive will be able to extract
| all the files even if the user is unprivileged.
|    Make sure that all the files in the distribution are world-readable.

The code in question lives in automake/lib/am/distdir.am and there
carries this comment:

## This complex find command will try to avoid changing the modes of
## links into the source tree, in case they're hard-linked.  It will
## also make directories writable by everybody, because some
## brain-dead tar implementations change ownership and permissions of
## a directory before extracting the files, thus becoming unable to
## extract them.
## Ignore return result from chmod, because it might give an error
## if we chmod a symlink.
## Another nastiness: if the file is unreadable by us, we make it
## readable regardless of the number of links to it.  This only
## happens in perverse cases.

This comment was added originally in:

commit 2d5c3abead3f72c457d886b92b3fbd977d273191
Author: Alexandre Oliva <address@hidden>
Date:   Mon Jun 7 03:34:04 1999 +0000

    * automake.in (dist_header): Avoid changing permissions of files
    in the source tree, trying a complex `find/chmod' command before
    falling back to plain chmod.
    (handle_dist_worker): Do not create directories with mode 777, the
    find above will take care of that.
    * m4/init.m4: Set install_sh for find/chmod above.

Some discussion I can find from around this time in the old list
archive: <http://sourceware.org/ml/automake/1999-05/msg00036.html>.
One should note that even then, the "old tar" versions hinted at in GCS
were considered old already.

Hope that helps.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]