[arch-dev-public] [pacman-dev] pacman screws up permissions

Dan McGee dpmcgee at gmail.com
Wed Jun 20 17:07:24 EDT 2007


On 6/20/07, Eric Belanger <belanger at astro.umontreal.ca> wrote:
> On Wed, 20 Jun 2007, Dan McGee wrote:
>
> > On 6/20/07, Thomas Bächler <thomas.baechler at gmx.de> wrote:
> >> I just installed the ntfs-3g package with pacman 3.0.5-1:
> >>
> >> $ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz
> >> -rwxrwxrwx 1 root root  36K 20. Jun 01:45 /bin/ntfs-3g*
> >> -rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*
> >>
> >> The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose
> >> they are 644 for the manpage, didn't check that). This behaviour can
> >> cause critical bugs and in this case is security-relevant, as a user
> >> could change the ntfs-3g binary, which is executed at boot time on many
> >> systems. This has to be fixed FAST.
> >
> > Has anyone read my recent emails? I've said the same thing, and I
> > think it is due to a "fix" that didn't get tested well in pacman
> > 3.0.5. I think I'm going to roll back that fix tonight unless someone
> > else can come up with a solution.
> >
> > Relevant stuff:
> > http://archlinux.org/pipermail/arch-dev-public/2007-June/001048.html
> > http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
> > http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
> > http://bugs.archlinux.org/task/7461
> > http://bugs.archlinux.org/task/7323
> >
> > -Dan
>
> There was a related problem with a previous version of pacman. I haven't
> checked if it's still there in pacman 3.05.
> REF: http://archlinux.org/pipermail/tur-users/2007-May/005205.html
>
> When doing chown and chmod on a file to add it to a group (with rw
> permissions) like so:
> -rw-rw-r-- root:adesklets
>
> the file was installed with the permissions/ownership of:
> -rw-r--r-- root:root
>
> even if doing tar -tzvf on the package would show the correct
> permission/ownership like Thomas said above.  I wanted to test with a git
> checkout of pacman but haven't done it yet.
>
> There's definitely a problem with file permission/ownership that was
> introduced before the 3.05 release.  Maybe the latest fixes made it
> worse.
>
>
> Eric

Fixing now...

-Dan
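
Added example, not part of the original thread and not pacman code: a check that compares the mode bits (and optionally the numeric owner) recorded in a package tarball with the files actually installed, which is the manual "tar -tzvf versus ls -l" comparison described above. The function names, the etc/sample.conf entry and the sample package are constructed for illustration.

```python
import io, os, stat, tarfile, tempfile

def audit_installed(pkg, root, check_owner=False):
    """Return (path, field, expected, actual) for every installed file whose
    metadata differs from what the package tarball records."""
    findings = []
    with tarfile.open(fileobj=pkg, mode="r:*") as tar:
        for m in tar:
            if not m.isfile():
                continue  # only regular files; symlink modes are not meaningful
            path = os.path.join(root, m.name.lstrip("/"))
            try:
                st = os.lstat(path)
            except FileNotFoundError:
                continue  # entry is not present under root, nothing to compare
            exp, act = m.mode & 0o7777, stat.S_IMODE(st.st_mode)
            if exp != act:
                findings.append((m.name, "mode", oct(exp), oct(act)))
            if check_owner and (m.uid, m.gid) != (st.st_uid, st.st_gid):
                findings.append((m.name, "owner", f"{m.uid}:{m.gid}",
                                 f"{st.st_uid}:{st.st_gid}"))
    return findings

def demo():
    """Constructed sample: a tiny package and a root where two files ended
    up 0777, mirroring the listing quoted in the thread."""
    packaged = {"bin/ntfs-3g": 0o755, "usr/man/man8/ntfs-3g.8.gz": 0o644,
                "etc/sample.conf": 0o644}
    installed = {"bin/ntfs-3g": 0o777, "usr/man/man8/ntfs-3g.8.gz": 0o777,
                 "etc/sample.conf": 0o644}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in packaged.items():
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, 4
            tar.addfile(info, io.BytesIO(b"data"))
    buf.seek(0)
    with tempfile.TemporaryDirectory() as root:
        for name, mode in installed.items():
            path = os.path.join(root, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(b"data")
            os.chmod(path, mode)  # chmod sets the bits exactly, umask does not apply
        return audit_installed(buf, root)

if __name__ == "__main__":
    for path, field, expected, actual in demo():
        print(f"{path}: {field} expected {expected}, installed {actual}")
```

Any finding whose installed mode has the other-write bit (0o002) set on a file run at boot is the security-relevant case raised in the thread.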

