Project

General

Profile

Bug #1227

downloadable tar.gz has the wrong permissions on it's directories

Added by Anonymous over 12 years ago. Updated almost 11 years ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

The downloadable tar.gz of the source of lighttpd 1.4.15 (and 1.4.13) has world writable directories in it. This could be a security flaw on a shared machine as someone could pollute the source before it was built.

-- lighttpd

History

#1

Updated by admin over 12 years ago

Part of the problem is that you/tar is depending on the permissions in the .tar while there's no need to depend on them.

#2

Updated by darix over 12 years ago

what umask do you have?

#3

Updated by stbuehler about 11 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

Use a sane umask (like 0022) and there shouldn't be any problems. It is automakes fault anyway :)

#4

Updated by stbuehler almost 11 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom