Your message dated Mon, 4 Feb 2019 09:24:42 -0700 (MST)
with message-id <[email protected]>
and subject line not a bug
has caused the Debian Bug report #605425,
regarding tar overwrites permissions of ./
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
605425: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605425
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tar
Version: 1.25-2
Severity: important
Hello,
I have stumbled on an error (IMHO) with tar, which is a bit security
relevant.
Story:
I have wanted to check a postinst of a deb archive and tried something
like (as root):
cd /tmp
ar x /var/cache/.../foo.deb
tar -xvzf control.tar.gz
Then many applications silently failed, also X11 could not start anymore
(XKB compile errors etc etc). Later I saw that /tmp now has got 0664,
which is wrong.
I have tested it again and yeah I have to blame tar.
Think about the following:
me@gnu:~/my_super_secret_and_safe_evil_dataaaaaaaaaaaa$ ls -ld .
drwx------ 2 me me 4096 29. Nov 21:29 .
me@gnu:~/my_super_secret_and_safe_evil_dataaaaaaaaaaaa$ tar -xvzf /tmp/control.tar.gz
./
./conffiles
./md5sums
./control
me@gnu:~/my_super_secret_and_safe_evil_dataaaaaaaaaaaa$ ls -ld .
drwxr-xr-x 2 me me 4096 14. Jul 13:11 .
me@gnu:~/my_super_secret_and_safe_evil_dataaaaaaaaaaaa$
Sure, in control.tar.gz "./" is packaged so it also changes the file
permissions for ./, but I don't think that this is a wanted behaviour
for users.
http://nopaste.linux-dev.org/?9139
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Developer
E-Mail: [email protected]
[email protected]
Comment:
Always if we think we are right,
we were maybe wrong.
*/
--- End Message ---
--- Begin Message ---
I'm closing this bug with no further action taken since the behavior isn't
actually a bug.
Bdale
--- End Message ---
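
A pre-extraction check for the situation reported above, as an added example that is not part of the original thread or of tar itself: it lists archive members that resolve to the extraction directory ("./") and compares their recorded mode with the directory's current mode. The function names and the sample archive (a constructed stand-in for control.tar.gz) are assumptions made for illustration.

```python
import io
import os
import posixpath
import stat
import tarfile
import tempfile


def root_entries(archive):
    """Return (name, mode) for every member that resolves to the extraction directory."""
    with tarfile.open(fileobj=archive, mode="r:*") as tf:
        return [(m.name, stat.S_IMODE(m.mode)) for m in tf
                if m.isdir() and posixpath.normpath(m.name or ".") == "."]


def mode_changes(archive, target_dir):
    """List (current_mode, archived_mode) pairs where extraction could alter target_dir."""
    current = stat.S_IMODE(os.stat(target_dir).st_mode)
    return [(current, mode) for _, mode in root_entries(archive) if mode != current]


def build_sample():
    """Constructed sample archive: a './' entry with mode 0755 plus one regular file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        root = tarfile.TarInfo("./")
        root.type = tarfile.DIRTYPE
        root.mode = 0o755
        tf.addfile(root)
        data = b"Package: foo\n"
        ctrl = tarfile.TarInfo("./control")
        ctrl.size = len(data)
        ctrl.mode = 0o644
        tf.addfile(ctrl, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Mirror the report: a private 0700 directory and an archive that packages "./".
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        for cur, new in mode_changes(build_sample(), d):
            print(f"{d}: current mode {cur:04o}, archive records {new:04o} for ./")
```

When the check reports a difference, unpacking into a freshly created empty directory keeps the archive's "./" entry away from a directory whose permissions matter.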