backup.bzr directory is world readable

Bug #262450 reported by James Troup on 2008-08-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Parth Malwankar
Parth Malwankar

Bug Description

When you 'bzr upgrade' the backup.bzr directory is created world readable. For people who use permissions on the local .bzr as access control this is critically bad. Please don't do that and instead either clone the permissions from .bzr or default to 0700.

Related branches

John A Meinel (jameinel) wrote :

I agree it should inherit the .bzr/ permissions. It isn't hard to do, I'm sure we just didn't think about it.

Changed in bzr:
importance: Undecided → High
status: New → Triaged
Martin Pool (mbp) wrote :

  tags upgrade


Parth Malwankar (parthm) on 2010-02-16
Changed in bzr:
assignee: nobody → Parth Malwankar (parthm)
status: Triaged → In Progress
Martin Pool (mbp) wrote :
Download full text (3.5 KiB)

This fails in a fairly obvious way with

ERROR: bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check
_StringException: Text attachment: log
199.429 run bzr: ['init', '--format=1.6']
199.430 bazaar version: 2.2.0dev1
199.430 bzr arguments: ['init', '--format=1.6']
199.432 encoding stdout as sys.stdout encoding 'UTF-8'
199.438 creating repository in file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/.
199.441 creating branch <bzrlib.branch.BzrBranchFormat7 object at 0x4e26b90> in file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/
199.449 trying to create missing lock '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/checkout/dirstate'
199.449 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.456 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.458 output:
'Created a standalone tree (format: 1.6)\n'
199.458 run bzr: ['upgrade']
199.458 bazaar version: 2.2.0dev1
199.458 bzr arguments: ['upgrade']
199.460 encoding stdout as sys.stdout encoding 'UTF-8'
199.472 creating repository in file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr/.
 WARNING Doing on-the-fly conversion from <RepositoryFormatKnitPack5> to <RepositoryFormat2a>.
This may take some time. Upgrade the repositories to the same format for better performance.

199.483 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.492 opening working tree '/tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work'
199.492 output:
'starting upgrade of file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/\nmaking backup of file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/.bzr\n to file:///tmp/testbzr-7brzZD.tmp/bzrlib.tests.blackbox.test_upgrade.TestWithUpgradableBranches.test_upgrade_permission_check/work/backup.bzr.~1~\nstarting repository conversion\nrepository converted\nfinished\n'
199.492 errors:
'Doing on-the-fly conversion from <RepositoryFormatKnitPack5> to <RepositoryFormat2a>.\nThis may take some time. Upgrade the repositories to the same format for better performance.\n\n'
Text attachment: traceback
Traceback (most recent call last):
 File "/usr/lib/python2.4/site-packages/testtools/", line 128, in _run_user
   return fn(*args...


Martin Pool (mbp) on 2010-03-30
Changed in bzr:
milestone: none → 2.2b1
status: In Progress → Fix Released
Martin Pool (mbp) wrote :

Will be in 2.0.6

Max Bowsher (maxb) wrote :

This landed in 2.1.2 via merge up from 2.0.6, closing 2.1 series task.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers