Comment 2 for bug 1780380

Created attachment 364129
Video of Fileroller changing perms

Hello,

Ubuntu Security referred me to file a bug here.

When dragging and dropping a file into a .tar.gz file that has permissions 600 set to it, in the background, a new archive is created with different permissions than the original artifact.

Example:

user@gnu:~/Documents/test$ ls -l
total 11380
-rwxr-xr-x 1 dolev dolev 901 Nov 19 00:28 index.html
-rw------- 1 dolev dolev 11629401 Nov 19 00:39 test.tar.gz

when I drag an drop index.html into test.tar.gz, the following happens

1) a new .tar.gz file (vliv8kxjt2J6BRwz.test.tar.gz) is created while the file is being copied

2) when it's done, the original file gets deleted (test.tar.gz).

3) 'vliv8kxjt2J6BRwz.test.tar.gz' then gets renamed to the original filename 'test.tar.gz', while not preserving the original permissions. I'm guessing it takes umask.

while file was being created:
-rw------- 1 user user 901 Nov 19 00:28 index.html
-rw------- 1 user user 11629401 Nov 19 00:44 test.tar.gz
-rw-rw-r-- 1 user user 10137600 Nov 19 00:47 vliv8kxjt2J6BRwz.test.tar.gz
total 11380

after it's done, notice the permissions changed from 600 to 664:
-rw------- 1 user user 901 Nov 19 00:28 index.html
-rw-rw-r-- 1 user user 11629406 Nov 19 00:47 test.tar.gz
total 11380

Since the user is simply dragging and dropping a file, it's not obvious that the file now has different permissions. also, in shared environments, read permissions to others allows decompressing the archive.

attached is a video for your convenience.