[Lustre-devel] Unsafe directory modes in lustre-source RPMs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Benjamin Bennett <ben@psc.edu>
To: lustre-devel@lists.lustre.org
Subject: [Lustre-devel] Unsafe directory modes in lustre-source RPMs
Date: Mon, 23 Jun 2008 23:11:02 -0400	[thread overview]
Message-ID: <486065C6.7020302@psc.edu> (raw)

lustre.spec uses 'make distdir ...' to setup the source tree which will 
be packaged into the lustre-source rpm.

Automake sets all directories in the distdir tree to mode 777 
(world-writable, search for "brain-dead tar" in 
/usr/share/automake-1.7/am/distdir.am).

These modes are kept in rpm packaging, and once the rpm is installed 
/usr/src/lustre-${version} and its descendant directories will be mode 
777 (world-writable).

This can be seen in the release rpms, and those generated from cvs, with 
a command such as:
  $ rpm -qlp --dump lustre-source.rpm | \
    awk '{if ($5 ~ "^04") print $5,$1}'

This is obviously less than ideal for any system with unprivileged 
users.  I've added a find setting the directory modes to 755 just after 
the make distdir (see patch).  Please let me know if there's any reason 
this can't be committed.

thanks,

--ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lustre-source-fix-unsafe-dir-modes.patch
Type: text/x-patch
Size: 557 bytes
Desc: not available
URL: <http://lists.lustre.org/pipermail/lustre-devel-lustre.org/attachments/20080623/b7b54cb4/attachment.bin>

next             reply	other threads:[~2008-06-24  3:11 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-06-24  3:11 Benjamin Bennett [this message]
2008-06-25 19:52 ` [Lustre-devel] Unsafe directory modes in lustre-source RPMs Andreas Dilger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=486065C6.7020302@psc.edu \
    --to=ben@psc.edu \
    --cc=lustre-devel@lists.lustre.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.