Re: [Ltib] World writable dirs in ltib

From: Svein Seldal
Subject: Re: [Ltib] World writable dirs in ltib
Date: Thu, 09 Jul 2009 22:26:35 +0200
User-agent: Thunderbird (X11/20090608)

Stuart Hughes wrote:
My core point is that I propose a fix where you don't need 777 permissions on either of these directories.

The patch for rpm-fs*.rpm does not set the permissions for the two areas above to root (with 777). Instead it will use the owner of the build user for these directories. This ensures that the dirs will work when you're on a single user machine (which most are, I guess). For those of us on multiuser machines, the sysop would need to change the permissions accordingly.

Next the patch for ltib properly tests the access to pkg cache (by using access() instead of just looking at the file permissions). And it will not change the permissions in case of wrong access.

I will take another look at these and get back to you.

Would you please consider the patch for ltib at least? It does the following tests for the lpp:

   1) -e  and mkdir if not
   2) -d  and die if not (in case the file does exist as something else)
   3) -r and -w  using access()

The latter is my most important and prudent point. -r and -w will by default only check the user r and w bits of the file's permissions. So will stat(). By instructing Perl to use access() it can check if the user really has -r or -w access (via ACL or by group/world permissions).

However, without going into a discussion, I would not recommend doing a chmod in case no. 3) fails.

- Svein
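
The three checks listed in the message above, written out as an added example; this is not the patch under discussion and not ltib's own code. The function name `check_cache_dir` and the demo paths are hypothetical, and the `filetest` pragma is used as the way to make Perl's `-r`/`-w` go through access(2)-style system calls.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Path qw(make_path);
use File::Temp qw(tempdir);

# Hypothetical helper: returns the directory on success, dies with a reason otherwise.
sub check_cache_dir {
    my ($dir) = @_;

    # 1) -e, and create the directory if it does not exist.
    #    Mode 0755 (further reduced by umask): no world-writable bit is set.
    if (! -e $dir) {
        make_path($dir, { mode => 0755 });    # croaks on failure
    }

    # 2) -d, and die if the path exists as something other than a directory.
    -d $dir or die "$dir exists but is not a directory\n";

    # 3) -r and -w answered by the operating system instead of by
    #    inspecting the mode bits, so ACLs are taken into account.
    {
        use filetest 'access';                # lexically scoped to this block
        -r $dir or die "$dir is not readable by the current user\n";
        -w $dir or die "$dir is not writable by the current user\n";
    }

    # Deliberately no chmod here: a failed check is reported, and the
    # permissions are left for the administrator to correct.
    return $dir;
}

# Constructed demo in a throwaway temporary directory.
my $base = tempdir(CLEANUP => 1);

# Missing directory: created by step 1, then passes steps 2 and 3.
print "ok: ", check_cache_dir("$base/pkg_cache"), "\n";

# A regular file at the expected path: rejected by step 2.
open(my $fh, '>', "$base/not_a_dir") or die "open: $!";
close($fh);
eval { check_cache_dir("$base/not_a_dir") };
print "rejected: $@" if $@;
```

The access check only reports the state at the moment it runs, so later opens and writes in the directory still need their own error handling.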
