Bug#341506: dpkg-source and file permissions

2005-12-08 Thread Mikko Rapeli
On Thu, Dec 08, 2005 at 08:13:25AM +0100, Frank Lichtenheld wrote: Please note that there is both a bug report and a patch for this problem already... Actually --no-same-owner and --no-same-permissions do different things; one changes file owners and the other sets permissions. IMHO both should

Bug#341506: dpkg-source and file permissions

2005-12-08 Thread Mikko Rapeli
On Thu, Dec 08, 2005 at 10:02:48AM +0200, Mikko Rapeli wrote: On Thu, Dec 08, 2005 at 08:13:25AM +0100, Frank Lichtenheld wrote: Please note that there is both a bug report and a patch for this problem already... Actually --no-same-owner and --no-same-permissions do different things; one

Bug#341506: dpkg-source and file permissions

2005-12-07 Thread Frank Lichtenheld
merge 144571 341506 thanks On Thu, Dec 01, 2005 at 03:32:46AM +0200, Mikko Rapeli wrote: Package: dpkg-dev Version: 1.13.11 Version: 1.10.28 Tags: security Please note that there is both a bug report and a patch for this problem already... If nobody deemed this worth a advisory for the

Bug#341506: dpkg-source and file permissions

2005-12-01 Thread Mikko Rapeli
On Thu, Dec 01, 2005 at 03:32:45AM +0200, Mikko Rapeli wrote: fakeroot combined with dpkg-source uses original source package permissions. If the original source has insecure permissions on files and/or directories dpkg-source -x should override them with umask, but: snip What I ment to

Bug#341506: dpkg-source and file permissions

2005-12-01 Thread Martin Schulze
Mikko Rapeli wrote: On Thu, Dec 01, 2005 at 03:32:45AM +0200, Mikko Rapeli wrote: fakeroot combined with dpkg-source uses original source package permissions. If the original source has insecure permissions on files and/or directories dpkg-source -x should override them with umask, but:

Bug#341506: dpkg-source and file permissions

2005-12-01 Thread Mikko Rapeli
On Thu, Dec 01, 2005 at 11:34:15AM +0100, Martin Schulze wrote: Thanks for your report, but I'd rather consider this a if-use-user-wants-to-shoot-in-both-feet-they-should error. Why would anybody would want to run dpkg-source inside a fakerooted shell? You can't exploit root or another user,

Bug#341506: dpkg-source and file permissions

2005-11-30 Thread Mikko Rapeli
Package: dpkg-dev Version: 1.13.11 Version: 1.10.28 Tags: security fakeroot combined with dpkg-source uses original source package permissions. If the original source has insecure permissions on files and/or directories dpkg-source -x should override them with umask, but: $ fakeroot /bin/sh