tags 608414 + patch
thanks

On Thu, Dec 30, 2010 at 07:19:38PM +0100, Cyril Brulebois wrote:
> Package: sbuild
> Version: 0.60.7-1
> Severity: normal
>
> Hi,
>
> as a casual user, with no ~/opt at the beginning:
> | $ sudo sbuild-createchroot sid ~/opt/sid-amd-sbuild
> http://localhost:9999/debian
> | $ ls -ld opt
> | drwx------ 3 root root 4096 Dec 30 18:57 opt
>
> I'm not sure permissions should be so restrictive here. Specifically
> when one compares to the following:
> | $ sudo mkdir foo && ls -ld foo
> | drwxr-xr-x 2 root root 4096 Dec 30 19:13 foo

Hmm, looks like it's due to the makedir call:
diff --git a/bin/sbuild-createchroot b/bin/sbuild-createchroot
index 6273f07..8445e16 100755
--- a/bin/sbuild-createchroot
+++ b/bin/sbuild-createchroot
@@ -163,7 +163,7 @@ $conf->set('INCLUDE', add_items($conf->get('INCLUDE'),
my $suite = $ARGV[0];
# Create the target directory in advance so abs_path (which is buggy)
# won't fail. Remove if abs_path is replaced by something better.
-makedir($ARGV[1], 0700);
+makedir($ARGV[1], 0755);
my $target = abs_path($ARGV[1]);
my $mirror = $ARGV[2];
my $script = undef;
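
Review bot: the comment above the changed makedir call documents only why the directory is created in advance (the abs_path workaround) and says nothing about the mode, so the reasoning for 0755 is not recorded next to the code; add a line there stating that the chroot root is deliberately world-readable and traversable, matching what a plain mkdir gives. The report also shows the parent ~/opt, not just the target, ending up as drwx------, which suggests makedir applies its mode argument to every path component it creates; with this change those newly created parents become 0755 as well, so it is worth confirming that this is intended for intermediate directories and not only for the chroot directory itself.
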
Not sure why this is so restrictive initially. I think it was probably
to prevent any access to the chroot environment except via
sudo/schroot, but the security is minimal at best and probably entirely
pointless. I certainly have 0755 perms on all my chroots.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.

