asdf-module.mk -- security issue: wrong permissions for contrib
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| SBCL |
Fix Released
|
Undecided
|
Nathan Froyd | ||
Bug Description
SBCL 1.0.34.7
Linux badger 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
I reported it already several times on sbcl-devel -- no result. I'll try to do it here. It's a long standing issue with contrib/
Thus, when the contrib files and directories are being installed, the permissions for the directories are not set properly, only the files permissions are properly set.
*** How to reproduce:
Build and install SBCL as a non-root user. Look at the permissions of the following directories
/usr/local/
/usr/local/
etc.
They are set to the user who built and installed SBCL.
*** Why '-type f' happens to be in asdf-module.mk's find:
That 'find' was used with '-type f' in the asdf-module.mk revision when the directories were not copied. As far as I remember, that particular revision had some problems on Windows machines, therefore it was modified to make things happier. In the next revision both directories and files were copied but '-type f' remained as if it's only for files.
*** How to fix: Delete '-type f' from the last line of asdf-module.mk:
Instead of
find "$(BUILD_
It must be:
find "$(BUILD_
| description: | updated |
| Eugene Ossintsev (eugoss-deactivatedaccount) wrote | #1 |
| visibility: | private → public |
| Nathan Froyd (froydnj) wrote | #2 |
| Changed in sbcl: | |
| assignee: | nobody → Nathan Froyd (froydnj) |
| Eugene Ossintsev (eugoss-deactivatedaccount) wrote | #3 |
| Christophe Rhodes (csr21-cantab) wrote Re: [Bug 508485] Re: asdf-module.mk -- security issue: wrong permissions for contrib | #4 |
| Changed in sbcl: | |
| status: | New → Fix Committed |
| Changed in sbcl: | |
| status: | Fix Committed → Fix Released |
I will apply this patch to the next release.