Re: security: install 5.93/5.97 ignores --mode on existing dirs if no le

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security: install 5.93/5.97 ignores --mode on existing dirs if no le

From:	Eric Blake
Subject:	Re: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte
Date:	Tue, 01 May 2007 18:29:56 -0600
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070221 Thunderbird/1.5.0.10 Mnenhy/0.7.5.666

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Marc MERLIN on 5/1/2007 12:17 PM:
> Incorrect/Insecure behaviour with install 5.93 or 5.97:
> 
> As you can see, the newer install refuses to reset permissions unless
> there is some leading byte.

Consider upgrading.  The latest stable version is 6.9, and there have been
intentional changes in this area.  Quoting from NEWS:

* Major changes in release 6.0 (2006-08-15) [unstable]
  chmod, install, and mkdir now preserve a directory's set-user-ID and
  set-group-ID bits unless you explicitly request otherwise.  E.g.,
  `chmod 755 DIR' and `chmod u=rwx,go=rx DIR' now preserve DIR's
  set-user-ID and set-group-ID bits instead of clearing them, and
  similarly for `mkdir -m 755 DIR' and `mkdir -m u=rwx,go=rx DIR'.  To
  clear the bits, mention them explicitly in a symbolic mode, e.g.,
  `mkdir -m u=rwx,go=rx,-s DIR'.  To set them, mention them explicitly
  in either a symbolic or a numeric mode, e.g., `mkdir -m 2755 DIR',
  `mkdir -m u=rwx,go=rx,g+s' DIR.  This change is for convenience on
  systems where these bits inherit from parents.  Unfortunately other
  operating systems are not consistent here, and portable scripts
  cannot assume the bits are set, cleared, or preserved, even when the
  bits are explicitly mentioned.  For example, OpenBSD 3.9 `mkdir -m
  777 D' preserves D's setgid bit but `chmod 777 D' clears it.
  Conversely, Solaris 10 `mkdir -m 777 D', `mkdir -m g-s D', and
  `chmod 0777 D' all preserve D's setgid bit, and you must use
  something like `chmod g-s D' to clear it.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGN9uE84KuGfSFAYARAswHAJ9sJ8khQwHkIDqRwub4L1vXLY3JMwCggLPI
M9jP+I/tibOyaZja+wQbhpI=
=7+gu
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte, Marc MERLIN, 2007/05/01
- Re: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte, Eric Blake <=
  - Re: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte, Marc MERLIN, 2007/05/01
- Re: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte, Paul Eggert, 2007/05/01

Prev by Date: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte
Next by Date: PATCH: larger output file sizes for 'split'
Previous by thread: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte
Next by thread: Re: security: install 5.93/5.97 ignores --mode on existing dirs if no leading 4th byte
Index(es):
- Date
- Thread