asdf-module.mk -- security issue: wrong permissions for contrib
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
SBCL |
Fix Released
|
Undecided
|
Nathan Froyd |
Bug Description
SBCL 1.0.34.7
Linux badger 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
I reported it already several times on sbcl-devel -- no result. I'll try to do it here. It's a long standing issue with contrib/
Thus, when the contrib files and directories are being installed, the permissions for the directories are not set properly, only the files permissions are properly set.
*** How to reproduce:
Build and install SBCL as a non-root user. Look at the permissions of the following directories
/usr/local/
/usr/local/
etc.
They are set to the user who built and installed SBCL.
*** Why '-type f' happens to be in asdf-module.mk's find:
That 'find' was used with '-type f' in the asdf-module.mk revision when the directories were not copied. As far as I remember, that particular revision had some problems on Windows machines, therefore it was modified to make things happier. In the next revision both directories and files were copied but '-type f' remained as if it's only for files.
*** How to fix: Delete '-type f' from the last line of asdf-module.mk:
Instead of
find "$(BUILD_
It must be:
find "$(BUILD_
description: | updated |
visibility: | private → public |
Changed in sbcl: | |
status: | Fix Committed → Fix Released |
I will apply this patch to the next release.