[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] do not put world-writable directories in distribution tarballs
From: |
Jim Meyering |
Subject: |
[PATCH] do not put world-writable directories in distribution tarballs |
Date: |
Sat, 28 Nov 2009 21:29:01 +0100 |
Hi Ralf,
Per recent discussion,
http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/18993/focus=11176
please consider the patch below.
Without it, a root-run invocation of gnu tar (without --no-same-permissions)
to unpack a tarball created by "make dist" (this affects any automake-using
project) will result in all directories being world-writable.
>From 2d12a10952025e47c0487572c494ece9d6bd3a36 Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Sat, 28 Nov 2009 21:05:33 +0100
Subject: [PATCH] do not put world-writable directories in distribution tarballs
* lib/am/distdir.am (distdir): Do not make all directories
group- or world-writable. Instead, use 755.
* tests/subpkg4.test (test-distdir-is-readable): Check for new,
more restricted permissions.
---
ChangeLog | 8 ++++++++
lib/am/distdir.am | 9 +++------
tests/subpkg4.test | 2 +-
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d48efd4..d625b0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-11-28 Jim Meyering <address@hidden>
+
+ do not put world-writable directories in distribution tarballs
+ * lib/am/distdir.am (distdir): Do not make all directories
+ group- or world-writable. Instead, use 755.
+ * tests/subpkg4.test (test-distdir-is-readable): Check for new,
+ more restricted permissions.
+
2009-11-14 Ralf Wildenhues <address@hidden>
Coverage for corner cases in derive_suffix.
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index 79277bc..9ec5b57 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -279,11 +279,7 @@ if %?DIST-TARGETS%
endif %?DIST-TARGETS%
##
## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked. It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
##
## Ignore return result from chmod, because it might give an error
## if we chmod a symlink.
@@ -301,7 +297,8 @@ endif %?DIST-TARGETS%
##
if %?TOPDIR_P%
-test -n "$(am__skip_mode_fix)" \
- || find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
diff --git a/tests/subpkg4.test b/tests/subpkg4.test
index 8e8371b..1a6835a 100755
--- a/tests/subpkg4.test
+++ b/tests/subpkg4.test
@@ -24,7 +24,7 @@ set -e
cat >Makefile.am <<'END'
SUBDIRS = subpkg
test-distdir-is-readable:
- bad_dirs=`find $(distdir) -type d ! -perm -777 -print`; \
+ bad_dirs=`find $(distdir) -type d ! -perm -755 -print`; \
if test -n "$$bad_dirs"; then \
echo "directories not permissive: $$bad_dirs" >&2; \
exit 1; \
--
1.6.6.rc0.308.g2d025
- [PATCH] do not put world-writable directories in distribution tarballs,
Jim Meyering <=