[arch-dev-public] [pacman-dev] pacman screws up permissions
Dan McGee
dpmcgee at gmail.com
Wed Jun 20 16:19:56 EDT 2007
On 6/20/07, Thomas Bächler <thomas.baechler at gmx.de> wrote:
> I just installed the ntfs-3g package with pacman 3.0.5-1:
>
> $ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz
> -rwxrwxrwx 1 root root 36K 20. Jun 01:45 /bin/ntfs-3g*
> -rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*
>
> The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose
> they are 644 for the manpage, didn't check that). This behaviour can
> cause critical bugs and in this case is security-relevant, as a user
> could change the ntfs-3g binary, which is executed at boot time on many
> systems. This has to be fixed FAST.
Has anyone read my recent emails? I've said the same thing, and I
think it is due to a "fix" that didn't get tested well in pacman
3.0.5. I think I'm going to roll back that fix tonight unless someone
else can come up with a solution.
Relevant stuff:
http://archlinux.org/pipermail/arch-dev-public/2007-June/001048.html
http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
http://bugs.archlinux.org/task/7461
http://bugs.archlinux.org/task/7323
-Dan
More information about the arch-dev-public
mailing list