Project

General

Profile

Bug #1227

downloadable tar.gz has the wrong permissions on it's directories

Added by Anonymous about 13 years ago. Updated almost 12 years ago.

Status:
Invalid
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

The downloadable tar.gz of the source of lighttpd 1.4.15 (and 1.4.13) has world writable directories in it. This could be a security flaw on a shared machine as someone could pollute the source before it was built.

-- lighttpd

#1

Updated by admin about 13 years ago

Part of the problem is that you/tar is depending on the permissions in the .tar while there's no need to depend on them.

#2

Updated by darix about 13 years ago

what umask do you have?

#3

Updated by stbuehler almost 12 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

Use a sane umask (like 0022) and there shouldn't be any problems. It is automakes fault anyway :)

#4

Updated by stbuehler almost 12 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom