[pacman-dev] pacman screws up permissions

Thomas Bächler thomas.baechler at gmx.de
Wed Jun 20 15:58:11 EDT 2007


I just installed the ntfs-3g package with pacman 3.0.5-1:

$ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz
-rwxrwxrwx 1 root root  36K 20. Jun 01:45 /bin/ntfs-3g*
-rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*

The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose
they are 644 for the manpage, didn't check that). This behaviour can
cause critical bugs and in this case is security-relevant, as a user
could change the ntfs-3g binary, which is executed at boot time on many
systems. This has to be fixed FAST.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://archlinux.org/pipermail/pacman-dev/attachments/20070620/2de8233c/attachment.pgp>


More information about the pacman-dev mailing list