Project

General

Profile

Actions

Bug #1227

closed

downloadable tar.gz has the wrong permissions on it's directories

Added by Anonymous over 17 years ago. Updated about 16 years ago.

Status:
Invalid
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

The downloadable tar.gz of the source of lighttpd 1.4.15 (and 1.4.13) has world writable directories in it. This could be a security flaw on a shared machine as someone could pollute the source before it was built.

-- lighttpd

Actions #1

Updated by admin over 17 years ago

Part of the problem is that you/tar is depending on the permissions in the .tar while there's no need to depend on them.

Actions #2

Updated by darix over 17 years ago

what umask do you have?

Actions #3

Updated by stbuehler over 16 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

Use a sane umask (like 0022) and there shouldn't be any problems. It is automakes fault anyway :)

Actions #4

Updated by stbuehler about 16 years ago

  • Status changed from Fixed to Invalid
Actions

Also available in: Atom