On 6/20/07, Thomas Bächler <thomas.baechler@gmx.de> wrote:

I just installed the ntfs-3g package with pacman 3.0.5-1:

$ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz -rwxrwxrwx 1 root root 36K 20. Jun 01:45 /bin/ntfs-3g* -rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*

The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose they are 644 for the manpage, didn't check that). This behaviour can cause critical bugs and in this case is security-relevant, as a user could change the ntfs-3g binary, which is executed at boot time on many systems. This has to be fixed FAST.

Has anyone read my recent emails? I've said the same thing, and I think it is due to a "fix" that didn't get tested well in pacman 3.0.5. I think I'm going to roll back that fix tonight unless someone else can come up with a solution. Relevant stuff: http://archlinux.org/pipermail/arch-dev-public/2007-June/001048.html http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html http://bugs.archlinux.org/task/7461 http://bugs.archlinux.org/task/7323 -Dan