Re: stable coreutils-8.1 today, fingers crossed (original) (raw)

[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

From: Jim Meyering
Subject: Re: stable coreutils-8.1 today, fingers crossed
Date: Sun, 22 Nov 2009 16:32:57 +0100

Alan Curry wrote:

Jim Meyering writes: > > Gilles Espinasse wrote: > ... > >> [chroot-i486] root:/$ umask > >> 0022 > >> [chroot-i486] root:/$ rm -rf /usr/src/coreutils* > >> [chroot-i486] root:/$ cd /usr/src > >> [chroot-i486] root:/usr/src$ tar xf cache/coreutils-8.1.tar.gz > >> [chroot-i486] root:/usr/src$ ls -ld /usr /usr/src /usr/src/coreutils-8.1 > ... > >> drwxrwxrwx 13 root root 4096 Nov 18 18:55 /usr/src/coreutils-8.1 > >> > >> don't know why > > > > Just the side effect of using tar as root > > --no-same-permissions let umask be applied > > Thanks for explaining. > That's another good reason to do less as root.

So was the drwxrwxrwx in the tarball put there to teach a lesson to those who trust a tarball to have sane permissions? Or is it a bug?

On one hand, you can also think of it as a LART for anyone who builds from source as root ;-)

I think the motivation was to avoid imposing restrictions. With relaxed permissions, the umask of the unpacker completely determines the permissions. If the distribution-tarball-creator were to choose stricter permissions, say prohibiting group/other write access, that would make it harder for people who use 002 and want all directories to be group-writable.

That said, I'd have no objection to applying "chmod 755" (rather than a+rwx) to the directories that go into the tarball.

FYI, those permissions were set via the Automake-generated "make dist" rule, so every automake-using package has created distribution tarballs that way for at least 10 years.