Package: dpkg-dev
Version: 1.13.11
Version: 1.10.28
Tags: security

fakeroot combined with dpkg-source uses original source package permissions. If the original source has insecure permissions on files and/or directories dpkg-source -x should override them with umask, but:
$ fakeroot /bin/sh
sh-3.00# umask 0077
sh-3.00# ls -lad *
ls: *: No such file or directory
sh-3.00# tar -zxkf ../dash_0.5.3.orig.tar.gz
sh-3.00# ls -lad *
drwxrwxrwx 3 mikko mikko 4096 2005-11-26 05:19 dash-0.5.3
sh-3.00# rm -rf *
sh-3.00# tar --no-same-permissions -zxkf ../dash_0.5.3.orig.tar.gz
sh-3.00# ls -lad *
drwx------ 3 mikko mikko 4096 2005-11-26 05:19 dash-0.5.3

Debugging reveals that dpkg-source gives options xkf to tar, and (GNU only?) tar adds --no-same-permissions for non-root users. fakeroot is fakeroot so it fools tar too, and "-p, --same-permissions, --preserve-permissions" is used instead as the tar manual page nicely explains.

Yeah, this is a security issue too although any environment with compilers is a hazard ;)

Hopefully tighter permissions do not break any build automatics.

Attached patches fix this for unstable/testing and sarge, but IMO upstream should receive some comments too if they have o=rwx directories in their release archives.

-Mikko
--- scripts/dpkg-source.pl 2004-11-11 05:16:35.000000000 +0200 +++ ../dpkg-1.10.28.sarge.mkr1/scripts/dpkg-source.pl 2005-12-01 03:43:50.000000000 +0200 @@ -975,15 +975,15 @@ sub extracttar { my ($tarfileread,$dirchdir,$newtopdir) = @_; &forkgzipread("$tarfileread"); - defined($c2= fork) || &syserr("fork for tar -xkf -"); + defined($c2= fork) || &syserr("fork for tar --no-same-permissions -xkf -"); if (!$c2) { - open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar -xkf -"); + open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar --no-same-permissions -xkf -"); &cpiostderr; chdir("$dirchdir") || &syserr("cannot chdir to \`$dirchdir' for tar extract"); - exec('tar','-xkf','-'); &syserr("exec tar -xkf -"); + exec('tar','--no-same-permissions','-xkf','-'); &syserr("exec tar --no-same-permissions -xkf -"); } close(GZIP); - $c2 == waitpid($c2,0) || &syserr("wait for tar -xkf -"); + $c2 == waitpid($c2,0) || &syserr("wait for tar --no-same-permissions -xkf -"); $? && subprocerr("tar -xkf -"); &reapgzip;
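Review bot: The unchanged context line $? && subprocerr("tar -xkf -"); at the end of the hunk still names the old command, so a non-zero tar exit would be reported without the flag while the fork, reopen, exec and wait messages all include it. Change that string to "tar --no-same-permissions -xkf -" as well, so the reported command matches the one that is actually run.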
--- scripts/dpkg-source.pl 2005-08-17 06:17:31.000000000 +0300 +++ ../dpkg-1.13.11.mkr1/scripts/dpkg-source.pl 2005-12-01 03:53:55.000000000 +0200 @@ -1108,15 +1108,15 @@ sub extracttar { my ($tarfileread,$dirchdir,$newtopdir) = @_; &forkgzipread("$tarfileread"); - defined($c2= fork) || &syserr("fork for tar -xkf -"); + defined($c2= fork) || &syserr("fork for tar --no-same-permissions -xkf -"); if (!$c2) { - open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar -xkf -"); + open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar --no-same-permissions -xkf -"); &cpiostderr; chdir($dirchdir) || &syserr("cannot chdir to `$dirchdir' for tar extract"); - exec('tar','-xkf','-') or &syserr("exec tar -xkf -"); + exec('tar','--no-same-permissions','-xkf','-') or &syserr("exec tar --no-same-permissions -xkf -"); } close(GZIP); - $c2 == waitpid($c2,0) || &syserr("wait for tar -xkf -"); + $c2 == waitpid($c2,0) || &syserr("wait for tar --no-same-permissions -xkf -"); $? && subprocerr("tar -xkf -"); &reapgzip;
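Review bot: The exec('tar','--no-same-permissions','-xkf','-') line adds the flag with no comment saying why it is needed. Because tar already applies the umask for ordinary users, the option can look redundant and be dropped in a later cleanup; a one-line comment above the exec noting that tar run as root, or under fakeroot, otherwise restores the modes stored in the archive would prevent that. The option text is also typed out separately in each syserr message and in the exec list, so consider holding the tar arguments in one variable and building the messages from it.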
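The difference shown in the transcript can be reproduced without fakeroot by giving tar explicitly the option it picks for root. This is an added example, not part of the original report or of dpkg; the archive, paths and function names are constructed for the demonstration, and GNU tar and GNU stat are assumed.

```shell
#!/bin/sh
# Constructed demo: an archive whose top directory is mode 0777, like the
# dash-0.5.3 directory in the report, extracted under umask 077 both ways.

# Print the octal permission bits of a path (GNU stat assumed).
mode_of() { stat -c '%a' "$1"; }

# Build a constructed tarball in $1 containing a 0777 directory and 0666 file.
make_tarball() {
    work=$1
    mkdir -p "$work/src/pkg-1.0"
    echo 'int main(void){return 0;}' > "$work/src/pkg-1.0/main.c"
    chmod 0666 "$work/src/pkg-1.0/main.c"
    chmod 0777 "$work/src/pkg-1.0"
    tar -C "$work/src" -czf "$work/demo.orig.tar.gz" pkg-1.0
}

# Extract with tar option $2 under umask 077; print "<dir mode> <file mode>".
# --same-permissions is what tar selects when it believes it is root
# (including under fakeroot); --no-same-permissions is the patched behaviour.
extract_modes() {
    work=$1; opt=$2; dest="$work/out$opt"
    mkdir -p "$dest"
    ( umask 077
      cd "$dest" && tar "$opt" -xzkf "$work/demo.orig.tar.gz" ) || return 1
    echo "$(mode_of "$dest/pkg-1.0") $(mode_of "$dest/pkg-1.0/main.c")"
}

# Run both extractions in a scratch directory and report the resulting modes.
demo() {
    scratch=$(mktemp -d) || return 1
    make_tarball "$scratch"
    echo "as root/fakeroot (--same-permissions):    $(extract_modes "$scratch" --same-permissions)"
    echo "with the patch   (--no-same-permissions): $(extract_modes "$scratch" --no-same-permissions)"
    rm -rf "$scratch"
}

demo
```

With --same-permissions the umask is ignored and the world-writable modes from the archive land on disk; with --no-same-permissions the same archive is masked down to owner-only access.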