[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: texinfo 5.2 dist creates directories that are 777
From: |
Karl Berry |
Subject: |
Re: texinfo 5.2 dist creates directories that are 777 |
Date: |
Mon, 18 Nov 2013 00:11:59 GMT |
such unreasonably permissive file modes.
I don't feel terribly strongly about it, but I disagree with
"unreasonably". Anyway, I don't think I am doing anything to explicitly
change the permissions (any more), just taking whatever Automake does.
is how came that the upload script accepted it.
Well, Sergey, you have easier access to the upload script (on puszca)
than anyone else, since the version from the FSF is never up to date.
As I recall, the checks were done by grepping the Makefile.in for
various strings, not by directly looking at permissions.
Looking at the Makefile.in (generated with automake 1.14), I see a lot
of chmod's in the dist targets, including as part of complicated find
expressions, etc., but cannot untangle it all now. Maybe someone who
feels more strongly about it would like to spend that time. I don't
think it has anything to with Texinfo specifically.
Related entries I see in Automake NEWS:
..
Bugs fixed in 1.12.2:
- The 'distcheck' recipe no longer grants temporary world-write
permissions on the extracted distdir. Even if such rights were
only granted for a vanishingly small time window, the implied
race condition proved to be enough to allow a local attacker
to run arbitrary code with the privileges of the user running
"make distcheck". This is CVE-2012-3386.
..
Bugs fixed in 1.11.1:
- The distribution is tarred up with mode 755 now by the `dist*' targets.
This fixes a race condition where untrusted users could modify files
in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel
build directory was world-searchable. This is CVE-2009-4029.
karl
- texinfo 5.2 dist creates directories that are 777, arnold, 2013/11/12
- Re: texinfo 5.2 dist creates directories that are 777, Karl Berry, 2013/11/13
- Re: texinfo 5.2 dist creates directories that are 777, Aharon Robbins, 2013/11/15
- Re: texinfo 5.2 dist creates directories that are 777, arnold, 2013/11/16
- Re: texinfo 5.2 dist creates directories that are 777, Andreas Schwab, 2013/11/16
- Re: texinfo 5.2 dist creates directories that are 777, Norbert Preining, 2013/11/16
- Re: texinfo 5.2 dist creates directories that are 777, Thien-Thi Nguyen, 2013/11/21