[pacman-dev] [PATCH] pacman-db-upgrade: set umask 022
Peter Wu
peter at lekensteyn.nl
Sat Dec 20 10:58:09 UTC 2014
This prevents the database from becoming inaccessible for non-root
users when the script was executed with a umask of 027.
Signed-off-by: Peter Wu <peter at lekensteyn.nl>
---
Hi,
It would probably be a good idea to set umask 022 for
/var/cache/pacman/archives/ as well, but that is not as severe as this issue.
If there are people who actually use 'umask 027' to make their packages
unreadable, what about a global Umask setting in pacman.conf (defaulting to
022?).
Kind regards,
Peter
---
scripts/pacman-db-upgrade.sh.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/pacman-db-upgrade.sh.in b/scripts/pacman-db-upgrade.sh.in
index 7bb277b..e2bb290 100644
--- a/scripts/pacman-db-upgrade.sh.in
+++ b/scripts/pacman-db-upgrade.sh.in
@@ -19,6 +19,9 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+# Avoid creating world-unreadable files
+umask 022
+
# gettext initialization
export TEXTDOMAIN='pacman-scripts'
export TEXTDOMAINDIR='@localedir@'
--
2.2.1
More information about the pacman-dev
mailing list