modifying an existing archive changes original permissions
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| File Roller |
Expired
|
High
|
|||
| file-roller (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
Bug Description
Hello,
Modifying an existing archive with file-roller results in the original archive permissions being changed/not being preserved.
Creating a new archive and then changing permission to 600
test@gnu:~/Desktop$ ls -ld test.zip
-rw------- 1 test test 943098 Jul 6 01:11 test.zip
test@gnu:~/Desktop$ stat test.zip
File: test.zip
Size: 487575 Blocks: 976 IO Block: 4096 regular file
Device: 36h/54d Inode: 6820796 Links: 1
Access: (0600/-rw-------) Uid: ( 1000/ test) Gid: ( 1000/ test)
Access: 2018-07-06 01:15:59.763424802 -0400
Modify: 2018-07-06 01:15:59.711424502 -0400
Change: 2018-07-06 01:16:18.159530978 -0400
Birth: -
Opening the archive with file roller, and adding a new file:
test@gnu:~/Desktop$ ls -ld test.zip
-rw-r--r-- 1 test test 1430045 Jul 6 01:12 test.zip
test@gnu:~/Desktop$ stat test.zip
File: test.zip
Size: 486572 Blocks: 968 IO Block: 4096 regular file
Device: 36h/54d Inode: 6820794 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1000/ test) Gid: ( 1000/ test)
Access: 2018-07-06 01:16:29.519596466 -0400
Modify: 2018-07-06 01:16:29.455596097 -0400
Change: 2018-07-06 01:16:29.475596212 -0400
File-roller version: 3.28.0
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic
| Emily Ratliff (emilyr) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in file-roller (Ubuntu): | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in file-roller: | |
| importance: | Unknown → High |
| status: | Unknown → Expired |
Created attachment 364129
Video of Fileroller changing perms
Hello,
Ubuntu Security referred me to file a bug here.
When dragging and dropping a file into a .tar.gz file that has permissions 600 set to it, in the background, a new archive is created with different permissions than the original artifact.
Example:
user@gnu:
total 11380
-rwxr-xr-x 1 dolev dolev 901 Nov 19 00:28 index.html
-rw------- 1 dolev dolev 11629401 Nov 19 00:39 test.tar.gz
when I drag an drop index.html into test.tar.gz, the following happens
1) a new .tar.gz file (vliv8kxjt2J6BR
2) when it's done, the original file gets deleted (test.tar.gz).
3) 'vliv8kxjt2J6BR
while file was being created:
-rw------- 1 user user 901 Nov 19 00:28 index.html
-rw------- 1 user user 11629401 Nov 19 00:44 test.tar.gz
-rw-rw-r-- 1 user user 10137600 Nov 19 00:47 vliv8kxjt2J6BRw
total 11380
after it's done, notice the permissions changed from 600 to 664:
-rw------- 1 user user 901 Nov 19 00:28 index.html
-rw-rw-r-- 1 user user 11629406 Nov 19 00:47 test.tar.gz
total 11380
Since the user is simply dragging and dropping a file, it's not obvious that the file now has different permissions. also, in shared environments, read permissions to others allows decompressing the archive.
attached is a video for your convenience.