Package: dpkg-dev
Version: 1.13.11
Version: 1.10.28
Tags: security

fakeroot combined with dpkg-source uses original source package permissions.
If the original source has insecure permissions on files and/or directories
dpkg-source -x should override them with umask, but:

$ fakeroot /bin/sh
sh-3.00# umask
0077
sh-3.00# ls -lad *
ls: *: No such file or directory
sh-3.00# tar -zxkf ../dash_0.5.3.orig.tar.gz
sh-3.00# ls -lad *
drwxrwxrwx 3 mikko mikko 4096 2005-11-26 05:19 dash-0.5.3
sh-3.00# rm -rf *
sh-3.00# tar --no-same-permissions -zxkf ../dash_0.5.3.orig.tar.gz
sh-3.00# ls -lad *
drwx------ 3 mikko mikko 4096 2005-11-26 05:19 dash-0.5.3

Debugging reveals that dpkg-source gives options xkf to tar, and (GNU only?)
tar adds --no-same-permissions for non-root users. fakeroot is fakeroot so
it fools tar too, and "-p, --same-permissions, --preserve-permissions" is
used instead as the tar manual page nicely explains.

Yeah, this is a security issue too although any environment with compilers
is a hazard ;) Hopefully tighter permissions do not break any build automatics.

Attached patches fix this for unstable/testing and sarge, but IMO upstream
should receive some comments too if they have o=rwx directories in their 
release archives.

-Mikko
--- scripts/dpkg-source.pl      2004-11-11 05:16:35.000000000 +0200
+++ ../dpkg-1.10.28.sarge.mkr1/scripts/dpkg-source.pl   2005-12-01 
03:43:50.000000000 +0200
@@ -975,15 +975,15 @@
 sub extracttar {
     my ($tarfileread,$dirchdir,$newtopdir) = @_;
     &forkgzipread("$tarfileread");
-    defined($c2= fork) || &syserr("fork for tar -xkf -");
+    defined($c2= fork) || &syserr("fork for tar --no-same-permissions -xkf -");
     if (!$c2) {
-        open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar -xkf -");
+        open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar 
--no-same-permissions -xkf -");
         &cpiostderr;
         chdir("$dirchdir") || &syserr("cannot chdir to \`$dirchdir' for tar 
extract");
-        exec('tar','-xkf','-'); &syserr("exec tar -xkf -");
+        exec('tar','--no-same-permissions','-xkf','-'); &syserr("exec tar 
--no-same-permissions -xkf -");
     }
     close(GZIP);
-    $c2 == waitpid($c2,0) || &syserr("wait for tar -xkf -");
+    $c2 == waitpid($c2,0) || &syserr("wait for tar --no-same-permissions -xkf 
-");
     $? && subprocerr("tar -xkf -");
     &reapgzip;
 
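Review bot: The unchanged context line `$? && subprocerr("tar -xkf -");` still names the old command, so after this change a tar that exits non-zero is reported with a different string than the fork, reopen, exec and wait errors in the same function. Update it to subprocerr("tar --no-same-permissions -xkf -"), or hold the command text in one variable and build all five messages from it so they cannot drift apart again.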
--- scripts/dpkg-source.pl      2005-08-17 06:17:31.000000000 +0300
+++ ../dpkg-1.13.11.mkr1/scripts/dpkg-source.pl 2005-12-01 03:53:55.000000000 
+0200
@@ -1108,15 +1108,15 @@
 sub extracttar {
     my ($tarfileread,$dirchdir,$newtopdir) = @_;
     &forkgzipread("$tarfileread");
-    defined($c2= fork) || &syserr("fork for tar -xkf -");
+    defined($c2= fork) || &syserr("fork for tar --no-same-permissions -xkf -");
     if (!$c2) {
-        open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar -xkf -");
+        open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar 
--no-same-permissions -xkf -");
         &cpiostderr;
         chdir($dirchdir) || &syserr("cannot chdir to `$dirchdir' for tar 
extract");
-        exec('tar','-xkf','-') or &syserr("exec tar -xkf -");
+        exec('tar','--no-same-permissions','-xkf','-') or &syserr("exec tar 
--no-same-permissions -xkf -");
     }
     close(GZIP);
-    $c2 == waitpid($c2,0) || &syserr("wait for tar -xkf -");
+    $c2 == waitpid($c2,0) || &syserr("wait for tar --no-same-permissions -xkf 
-");
     $? && subprocerr("tar -xkf -");
     &reapgzip;
 
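Review bot: The new exec('tar','--no-same-permissions','-xkf','-') line carries no comment explaining why the option is passed, and for an ordinary non-root user it looks redundant because tar already applies the umask there. A one-line comment above the exec saying that under fakeroot tar believes it is root and defaults to preserving archive permissions would keep the option from being dropped in a later cleanup. The report itself is unsure whether this default is GNU-only, so the comment or changelog entry should also say that the long option assumes GNU tar. As in the 1.10.28 hunk, the context line `$? && subprocerr("tar -xkf -");` keeps the old string.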

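An added example, not part of the original report or of dpkg: a pre-extraction audit that lists archive members stored with group- or world-writable modes, together with the mode each would get once the umask is applied (the effect of tar --no-same-permissions). The tarball, its member names and the function names are constructed for illustration.

```python
import io
import stat
import tarfile


def build_sample_tarball():
    """Constructed sample archive: a 0777 top-level directory, a 0666 file, a 0644 file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        top = tarfile.TarInfo("sample-1.0")
        top.type = tarfile.DIRTYPE
        top.mode = 0o777
        tar.addfile(top)
        for name, mode, data in (
            ("sample-1.0/main.c", 0o666, b"int main(void) { return 0; }\n"),
            ("sample-1.0/README", 0o644, b"constructed sample\n"),
        ):
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_modes(tar_bytes, umask=0o077):
    """Return (name, stored_mode, mode_after_umask) for every member whose
    stored mode is writable by group or other. Nothing is extracted."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.issym() or member.islnk():
                continue  # link entries carry no meaningful mode of their own
            perm = stat.S_IMODE(member.mode)
            if perm & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((member.name, perm, perm & ~umask))
    return findings


if __name__ == "__main__":
    for name, stored, masked in audit_modes(build_sample_tarball()):
        print(f"{name}: stored {stored:04o}, with umask applied {masked:04o}")
```
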