bug-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#38422: .png files in /gnu/store with executable permissions (555)


From: Tobias Geerinckx-Rice
Subject: bug#38422: .png files in /gnu/store with executable permissions (555)
Date: Fri, 29 Nov 2019 12:28:26 +0100

Bengt, Ricardo,

I see similar results here with ‘guix install moka-icon-theme’, and I'm sure the rest of my (and everyone's) store is full of misperm'd files too. It's kind of generally known.

This seems to be particularly common in Meson packages: for some reason, Meson installs everything as executable by default.

Bengt Richter 写道:
Is this zero-day stuff with a nasty somewhere, waiting for referencing
by another nasty, or am I being paranoid?

What's the threat model there? Respectfully, I think you might be, but maybe I'm naive…

Otherwise I consider this a merely cosmetic issue, but we still welcome fixes for those!

Checking whether Meson behaves differently on other distributions would be a good start.

Ricardo Wurmus 写道:
Bengt Richter <address@hidden> writes:

$ find /gnu -type f -perm /111 -iname '*png'|xargs stat -c '%a %A %N'|cut -d '-' -f5,6,7,8|less|uniq -c|less --8<---------------cut here---------------start------------->8--- 1 x '/gnu/store/.links/1s94fymqj8xba55rg8xbdni9a215kxsxkddyh2qyb7y6fl7srpng' 1 x '/gnu/store/.links/05dsk06ffdwgjdqgsy03zhnsrcd44yyi8ylk9qyb1a3n89aplpng' 97 x '/gnu/store/jf7i57glqykwgm1k7zb5k8x6f1yd47l8-faba-icon-theme 1 x '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdparttopng' 1 x '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdtopng' 1 x '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/webpng' 1 x '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gd2topng' 1 x '/gnu/store/x9c77i6r5fmarslij6ng81awgrxblplm-texlive-bin-20180414/bin/dvipng' 34143 x '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme 1 x '/gnu/store/7mxkdn6cp7x8sac49p2g80qw5j1aavi3-texlive-20180414/bin/dvipng' 62 x '/gnu/store/6d79d8za76pj5f2flhckpmdvdgqhqxaa-docbook-xsl-1.79.1/xml/xsl/docbook 1 x '/gnu/store/azd3rg350gjkgzvzps3s4j3kpz5kxh57-texlive-bin-20180414/bin/dvipng' 1 x '/gnu/store/9w1hi2hr4zczc5jd5r2xmff9zf4gwc1n-texlive-union-49435/bin/dvipng' 1 x '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdparttopng' 1 x '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdtopng' 1 x '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/webpng' 1 x '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gd2topng' 1 x '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdparttopng' 1 x '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdtopng' 1 x '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/webpng' 1 x '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gd2topng'

--8<---------------cut here---------------end--------------->8---

Maybe I’m missing something, but none of the above are PNGs.
Most of them are executables, others are directories, so having them
executable is expected.

Bengt's clever pipeline tallies the number of executable *png files in each top-level store directory. It does not include directories.

It's true that the '*png' above should be replaced with '*.png', but these /bin files are just the very noisy outliers.

The meat is in:

34143 x '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme

i.e. 34143 executable '*png' files in that directory alone.

Kind regards,

T G-R

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]