[arch-dev-public] [pacman-dev] pacman screws up permissions

Eric Belanger belanger at ASTRO.UMontreal.CA
Wed Jun 20 16:58:49 EDT 2007


On Wed, 20 Jun 2007, Dan McGee wrote:

> On 6/20/07, Thomas Bächler <thomas.baechler at gmx.de> wrote:
>> I just installed the ntfs-3g package with pacman 3.0.5-1:
>>
>> $ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz
>> -rwxrwxrwx 1 root root  36K 20. Jun 01:45 /bin/ntfs-3g*
>> -rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*
>>
>> The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose
>> they are 644 for the manpage, didn't check that). This behaviour can
>> cause critical bugs and in this case is security-relevant, as a user
>> could change the ntfs-3g binary, which is executed at boot time on many
>> systems. This has to be fixed FAST.
>
> Has anyone read my recent emails? I've said the same thing, and I
> think it is due to a "fix" that didn't get tested well in pacman
> 3.0.5. I think I'm going to roll back that fix tonight unless someone
> else can come up with a solution.
>
> Relevant stuff:
> http://archlinux.org/pipermail/arch-dev-public/2007-June/001048.html
> http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
> http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
> http://bugs.archlinux.org/task/7461
> http://bugs.archlinux.org/task/7323
>
> -Dan

There was a related problem with a previous version of pacman. I haven't
checked if it's still there in pacman 3.05.
REF: http://archlinux.org/pipermail/tur-users/2007-May/005205.html

When doing chown and chmod on a file to add it to a group (with rw 
permissions) like so:
-rw-rw-r-- root:adesklets

the file was installed with the permissions/ownership of:
-rw-r--r-- root:root

even if doing tar -tzvf on the package would show the correct
permission/ownership like Thomas said above.  I wanted to test with a git
checkout of pacman but haven't done it yet.

There's definitely a problem with file permission/ownership that was 
introduced before the 3.05 release.  Maybe the latest fixes made it 
worse.


Eric
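
The check both reports above did by hand (tar -tzvf on the package versus ls -l on the installed file), as an added example that is not part of the original message or of pacman. It compares modes only, not ownership; the archive name, the path etc/adesklets.conf and the third sample entry are constructed for the demonstration.

```python
import io
import os
import stat
import tarfile
import tempfile


def compare_modes(pkg_path, root="/"):
    """Report regular files whose installed mode differs from the archive's."""
    findings = []
    with tarfile.open(pkg_path) as tar:
        for member in tar:
            if not member.isfile():
                continue
            try:
                st = os.lstat(os.path.join(root, member.name.lstrip("/")))
            except FileNotFoundError:
                continue  # file not installed under this root
            want, have = stat.S_IMODE(member.mode), stat.S_IMODE(st.st_mode)
            if want != have:
                # last field: True when any user can modify the installed file
                findings.append((member.name, want, have, bool(have & stat.S_IWOTH)))
    return findings


def demo():
    """Constructed sample: build a tiny archive plus a mis-installed tree."""
    work = tempfile.mkdtemp()
    pkg, root = os.path.join(work, "sample.pkg.tar.gz"), os.path.join(work, "root")
    # (path, mode in archive, mode as installed); only bin/ntfs-3g is from the thread
    sample = [("bin/ntfs-3g", 0o755, 0o777),
              ("etc/adesklets.conf", 0o664, 0o644),
              ("usr/share/unchanged", 0o644, 0o644)]
    with tarfile.open(pkg, "w:gz") as tar:
        for name, arch_mode, inst_mode in sample:
            info = tarfile.TarInfo(name)
            info.mode, info.size = arch_mode, 4
            tar.addfile(info, io.BytesIO(b"data"))
            dest = os.path.join(root, name)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(b"data")
            os.chmod(dest, inst_mode)  # explicit, so the umask does not matter
    return compare_modes(pkg, root)


if __name__ == "__main__":
    for name, want, have, world_writable in demo():
        flag = "  WORLD-WRITABLE" if world_writable else ""
        print(f"{name}: archive {want:04o}, installed {have:04o}{flag}")
```
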