Matt Swift <[EMAIL PROTECTED]> writes:
...
>In the source package, the file ./debian/PVER-elisp.install.in
>contains the lines:
>
>    ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
>         [...]
>    LOG=`tempfile`
>         [...]
>    $FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
>         [...]
>    mv -f $LOG $ELCDIR/install.log
>
>The default mode of a file created by "tempfile" is 600 -- this is
>how the file with the inappropriate mode is first created.

However, I think substituting

      LOG=`tempfile -m 644`

would introduce a security bug.

Instead, I propose that

      chmod 644 $ELCDIR/install.log

should be appended.

                - Jim Van Zandt
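
The ordering proposed in the message above, shown as an added example that is not part of the original message or of the package's script: the log keeps mode 600 while it is in the temp directory and becomes 644 only once it is at its final path. It assumes `mktemp` as a stand-in for `tempfile` and GNU `stat`; `mode_of`, `install_log` and `TMP_MODE` are hypothetical names.

```shell
#!/bin/sh
# Added example (not the package's script): keep the compile log private
# while it sits in the shared temp directory, and widen its mode only
# after it has been moved to its final location.
# Assumption: mktemp stands in for Debian's tempfile; both create mode 600.

# mode_of FILE -> prints the octal permission bits (assumes GNU stat)
mode_of() {
    stat -c %a "$1"
}

# install_log DESTDIR COMMAND [ARGS...]
# Runs COMMAND with stdout/stderr appended to a private temp log, moves the
# log to DESTDIR/install.log, then makes it world-readable there.
# Sets TMP_MODE to the mode the log had while still in the temp directory.
install_log() {
    destdir=$1
    shift
    status=0
    log=$(mktemp) || return 1
    "$@" >>"$log" 2>&1 || status=$?
    TMP_MODE=$(mode_of "$log")
    # mv keeps the 600 mode, which is why the installed log ends up
    # unreadable unless the chmod below follows it.
    mv -f "$log" "$destdir/install.log" || return 1
    chmod 644 "$destdir/install.log" || return 1
    return "$status"
}
```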

