file permissions munged in unison 2.27, please update to 2.32
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unison (Debian) |
Fix Released
|
Unknown
|
|||
unison (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Hardy has unison 2.13.16, and Intrepid has 2.27.57. After upgrading, a bug occurs that has to do with file permissions. To reproduce the bug:
Create a new directory and a new .prf file that refers to that directory, with perms = 0. Create a new file in that directory. Synchronize the file with another machine. The synchronized version of the file has erroneous permissions -rw------. From discussions with the author, I think this may actually be a problem that occurs specifically because of the upgrade from this specific old version (2.13, which dates back to 2005) to this specific new version (2.27).
Upgrading to unison 2.32.1 fixes the bug.
I've checked the box saying that it's a security vulnerability, because the bug puts incorrect permissions on files. The behavior I've observed actually makes the permissions on the file *more* strict than they should be, but I don't know whether the same bug could also result in the opposite behavior, making them less strict than they should be, which would be a security vulnerability. It may depend on the umasks that are set on the two machines.
Related branches
security vulnerability: | yes → no |
Changed in unison (Debian): | |
status: | Unknown → Fix Released |
2.32 has recently been marked stable, so it should be a good candidate for update.
Also, the Unicode support has been greatly improved in the newer releases since 2.27, which would really worth updating for, since the majority of the world needs Unicode for local language support and interacting with other systems.