[arch-dev-public] [pacman-dev] pacman screws up permissions
belanger at ASTRO.UMontreal.CA
Wed Jun 20 16:58:49 EDT 2007
On Wed, 20 Jun 2007, Dan McGee wrote:
> On 6/20/07, Thomas Bächler <thomas.baechler at gmx.de> wrote:
>> I just installed the ntfs-3g package with pacman 3.0.5-1:
>> $ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz
>> -rwxrwxrwx 1 root root 36K 20. Jun 01:45 /bin/ntfs-3g*
>> -rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*
>> The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose
>> they are 644 for the manpage, didn't check that). This behaviour can
>> cause critical bugs and in this case is security-relevant, as a user
>> could change the ntfs-3g binary, which is executed at boot time on many
>> systems. This has to be fixed FAST.
> Has anyone read my recent emails? I've said the same thing, and I
> think it is due to a "fix" that didn't get tested well in pacman
> 3.0.5. I think I'm going to roll back that fix tonight unless someone
> else can come up with a solution.
> Relevant stuff:
There was a related problem with a previous version of pacman. I haven't
check if it's still there in pacman 3.05.
When doing chown and chmod on a file to add it to a group (with rw
permissions) like so:
the file was installed with the permissions/ownership of:
even if doing tar -tzvf on the package would should the correct
permission/ownership like Thomas said above. I wanted to test with a git
checkout of pacman but haven't done it yet.
There's definitely a problem with file permission/ownership that was
introduced before the 3.05 release. Maybe the latest fixes made it
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the arch-dev-public