Issue 8464: tarfile creates tarballs with execute permissions set (original) (raw)

Created on 2010-04-19 17:38 by mastrodomenico, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (5)
msg103617 - (view)	Author: Lino Mastrodomenico (mastrodomenico)	Date: 2010-04-19 17:38
tarfile.open(filename, "w|") creates a tar file with execute permissions set, if filename doesn't exist (i.e. it uses mode 0777 minus the umask). It should instead use mode 0666 minus the umask, which is what happens when using mode "w:..." instead of "w	...". AFAICT this bug has always been present since the introduction of tarfile in Python 2.3, but it may soon become more noticeable since the new function shutil.make_archive() in Python 2.7 and 3.2 uses tarfile with mode "w	". I have attached a patch for the trunk.
msg103623 - (view)	Author: Shashwat Anand (l0nwlf)	Date: 2010-04-19 18:53
Is "self.fd = os.open(name, mode, 0666)" Ok ? Should not it be "self.fd = os.open(name, mode, 0644)", because that is what the default permissions are.
msg103633 - (view)	Author: Lino Mastrodomenico (mastrodomenico)	Date: 2010-04-19 20:19
I think 0666 is correct because os.open() does a bitwise AND between this value and the bitwise inversion of the umask, something like oct(0666 & ~umask). Since the umask is usually 022 octal (18 decimal), the actual permission on disk should be 0644 as expected.
msg103679 - (view)	Author: Lars Gustäbel (lars.gustaebel) *	Date: 2010-04-20 07:11
0666 is the right mode and the patch is correct. @Tarek: Why does shutil.make_archive() use mode "w|..." instead of "w:..."? IMHO that is not necessary, because it works on regular files only.
msg104526 - (view)	Author: Lars Gustäbel (lars.gustaebel) *	Date: 2010-04-29 15:45
I applied the patch and added a test case (see r80616-r80619). Thanks for the report.