asdf-module.mk -- security issue: wrong permissions for contrib
Linux badger 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
I reported it already several times on sbcl-devel -- no result. I'll try to do it here. It's a long standing issue with contrib/
Thus, when the contrib files and directories are being installed, the permissions for the directories are not set properly, only the files permissions are properly set.
*** How to reproduce:
Build and install SBCL as a non-root user. Look at the permissions of the following directories
They are set to the user who built and installed SBCL.
*** Why '-type f' happens to be in asdf-module.mk's find:
That 'find' was used with '-type f' in the asdf-module.mk revision when the directories were not copied. As far as I remember, that particular revision had some problems on Windows machines, therefore it was modified to make things happier. In the next revision both directories and files were copied but '-type f' remained as if it's only for files.
*** How to fix: Delete '-type f' from the last line of asdf-module.mk:
It must be:
|visibility:||private → public|
|Christophe Rhodes (csr21-cantab) wrote : Re: [Bug 508485] Re: asdf-module.mk -- security issue: wrong permissions for contrib||#4|
|Changed in sbcl:|
|status:||Fix Committed → Fix Released|