[
https://issues.apache.org/jira/browse/SERF-181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17985785#comment-17985785
]
Daniel Sahlberg commented on SERF-181:
--------------------------------------
Committed r1926676 after review by brane:
https://lists.apache.org/thread/gxzckmnoomo0w859f43vf7gmvw6y0n4k
> Source tarball file modes are group- and world-writable
> -------------------------------------------------------
>
> Key: SERF-181
> URL: https://issues.apache.org/jira/browse/SERF-181
> Project: serf
> Issue Type: Bug
> Affects Versions: serf-1.3.9
> Reporter: J. Lewis Muir
> Priority: Minor
>
> The modes of the files in the serf-1.3.9.tar.bz2 source tarball are all
> group- and world-writable. This is problematic if the tarball is extracted
> as root since many tar implementations will preserve the file modes even
> without the {{\-p}} option, thus creating files that are group- and
> world-writable. It would be better if the file modes were not group- and
> world-writable in the tarball.
> {noformat}
> % tar tjvf serf-1.3.9.tar.bz2
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/
> -rw-rw-rw- 0 bert bert 14372 Aug 29 2016 serf-1.3.9/CHANGES
> -rw-rw-rw- 0 bert bert 11357 Aug 26 2007 serf-1.3.9/LICENSE
> -rw-rw-rw- 0 bert bert 287 Sep 17 2015 serf-1.3.9/NOTICE
> -rw-rw-rw- 0 bert bert 2842 Sep 17 2015 serf-1.3.9/README
> -rw-rw-rw- 0 bert bert 17388 Sep 17 2015 serf-1.3.9/SConstruct
> -rw-rw-rw- 0 bert bert 520 Oct 17 2015 serf-1.3.9/STATUS
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/auth/
> -rw-rw-rw- 0 bert bert 16390 Sep 17 2015 serf-1.3.9/auth/auth.c
> -rw-rw-rw- 0 bert bert 6570 Sep 17 2015 serf-1.3.9/auth/auth.h
> -rw-rw-rw- 0 bert bert 6020 Sep 17 2015 serf-1.3.9/auth/auth_basic.c
> -rw-rw-rw- 0 bert bert 17883 Sep 17 2015 serf-1.3.9/auth/auth_digest.c
> -rw-rw-rw- 0 bert bert 23808 Sep 17 2015 serf-1.3.9/auth/auth_spnego.c
> -rw-rw-rw- 0 bert bert 4133 Sep 17 2015 serf-1.3.9/auth/auth_spnego.h
> -rw-rw-rw- 0 bert bert 8096 Sep 17 2015
> serf-1.3.9/auth/auth_spnego_gss.c
> -rw-rw-rw- 0 bert bert 9296 Sep 17 2015
> serf-1.3.9/auth/auth_spnego_sspi.c
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/buckets/
> -rw-rw-rw- 0 bert bert 14119 Sep 17 2015
> serf-1.3.9/buckets/aggregate_buckets.c
> -rw-rw-rw- 0 bert bert 12238 Sep 17 2015 serf-1.3.9/buckets/allocator.c
> -rw-rw-rw- 0 bert bert 3371 Sep 17 2015
> serf-1.3.9/buckets/barrier_buckets.c
> -rw-rw-rw- 0 bert bert 18434 Sep 17 2015 serf-1.3.9/buckets/buckets.c
> -rw-rw-rw- 0 bert bert 17625 Sep 17 2015
> serf-1.3.9/buckets/bwtp_buckets.c
> -rw-rw-rw- 0 bert bert 7227 Sep 17 2015
> serf-1.3.9/buckets/chunk_buckets.c
> -rw-rw-rw- 0 bert bert 6547 Sep 17 2015
> serf-1.3.9/buckets/dechunk_buckets.c
> -rw-rw-rw- 0 bert bert 14904 Sep 17 2015
> serf-1.3.9/buckets/deflate_buckets.c
> -rw-rw-rw- 0 bert bert 3939 Sep 17 2015
> serf-1.3.9/buckets/file_buckets.c
> -rw-rw-rw- 0 bert bert 13282 Sep 17 2015
> serf-1.3.9/buckets/headers_buckets.c
> -rw-rw-rw- 0 bert bert 5250 Sep 17 2015
> serf-1.3.9/buckets/iovec_buckets.c
> -rw-rw-rw- 0 bert bert 3798 Sep 17 2015
> serf-1.3.9/buckets/limit_buckets.c
> -rw-rw-rw- 0 bert bert 3900 Sep 17 2015
> serf-1.3.9/buckets/mmap_buckets.c
> -rw-rw-rw- 0 bert bert 7747 Sep 17 2015
> serf-1.3.9/buckets/request_buckets.c
> -rw-rw-rw- 0 bert bert 4223 Sep 17 2015
> serf-1.3.9/buckets/response_body_buckets.c
> -rw-rw-rw- 0 bert bert 16027 Sep 17 2015
> serf-1.3.9/buckets/response_buckets.c
> -rw-rw-rw- 0 bert bert 4686 Sep 17 2015
> serf-1.3.9/buckets/simple_buckets.c
> -rw-rw-rw- 0 bert bert 3957 Sep 17 2015
> serf-1.3.9/buckets/socket_buckets.c
> -rw-rw-rw- 0 bert bert 60398 Jun 30 2016
> serf-1.3.9/buckets/ssl_buckets.c
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/build/
> -rwxrwxrwx 0 bert bert 2206 Sep 17 2015 serf-1.3.9/build/check.py
> -rwxrwxrwx 0 bert bert 2694 Sep 17 2015 serf-1.3.9/build/gen_def.py
> -rw-rw-rw- 0 bert bert 318 Oct 4 2013 serf-1.3.9/build/serf.pc.in
> -rw-rw-rw- 0 bert bert 11892 Oct 17 2015 serf-1.3.9/context.c
> -rw-rw-rw- 0 bert bert 5880 Aug 26 2007 serf-1.3.9/design-guide.txt
> -rw-rw-rw- 0 bert bert 4380 Sep 17 2015 serf-1.3.9/incoming.c
> -rw-rw-rw- 0 bert bert 58625 Oct 17 2015 serf-1.3.9/outgoing.c
> -rw-rw-rw- 0 bert bert 39346 Sep 17 2015 serf-1.3.9/serf.h
> -rw-rw-rw- 0 bert bert 21225 Sep 17 2015 serf-1.3.9/serf_bucket_types.h
> -rw-rw-rw- 0 bert bert 8787 Sep 17 2015 serf-1.3.9/serf_bucket_util.h
> -rw-rw-rw- 0 bert bert 15934 Sep 17 2015 serf-1.3.9/serf_private.h
> -rw-rw-rw- 0 bert bert 7291 Sep 17 2015 serf-1.3.9/ssltunnel.c
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/test/
> -rw-rw-rw- 0 bert bert 7485 Oct 12 2008
> serf-1.3.9/test/CuTest-README.txt
> -rw-rw-rw- 0 bert bert 11273 Oct 4 2013 serf-1.3.9/test/CuTest.c
> -rw-rw-rw- 0 bert bert 6409 Jul 21 2013 serf-1.3.9/test/CuTest.h
> -rw-rw-rw- 0 bert bert 11135 Sep 17 2015 serf-1.3.9/test/mock_buckets.c
> -rw-rw-rw- 0 bert bert 20061 Sep 17 2015 serf-1.3.9/test/serf_bwtp.c
> -rw-rw-rw- 0 bert bert 21439 Sep 17 2015 serf-1.3.9/test/serf_get.c
> -rw-rw-rw- 0 bert bert 2521 Sep 17 2015 serf-1.3.9/test/serf_request.c
> -rw-rw-rw- 0 bert bert 4683 Sep 17 2015
> serf-1.3.9/test/serf_response.c
> -rw-rw-rw- 0 bert bert 4120 Sep 17 2015 serf-1.3.9/test/serf_server.c
> -rw-rw-rw- 0 bert bert 25059 Sep 17 2015 serf-1.3.9/test/serf_spider.c
> -rw-rw-rw- 0 bert bert 3656 Mar 21 2008 serf-1.3.9/test/serftestca.pem
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/test/server/
> -rw-rw-rw- 0 bert bert 1489 Jun 30 2016
> serf-1.3.9/test/server/serfcacert.pem
> -rw-rw-rw- 0 bert bert 3677 Jun 30 2016
> serf-1.3.9/test/server/serfclientcert.p12
> -rw-rw-rw- 0 bert bert 1505 Jun 30 2016
> serf-1.3.9/test/server/serfrootcacert.pem
> -rw-rw-rw- 0 bert bert 1371 Jun 30 2016
> serf-1.3.9/test/server/serfserver_expired_cert.pem
> -rw-rw-rw- 0 bert bert 1371 Jun 30 2016
> serf-1.3.9/test/server/serfserver_future_cert.pem
> -rw-rw-rw- 0 bert bert 1371 Jun 30 2016
> serf-1.3.9/test/server/serfservercert.pem
> -rw-rw-rw- 0 bert bert 1834 Jun 30 2016
> serf-1.3.9/test/server/serfserverkey.pem
> -rw-rw-rw- 0 bert bert 21996 Sep 17 2015
> serf-1.3.9/test/server/test_server.c
> -rw-rw-rw- 0 bert bert 5259 Sep 17 2015
> serf-1.3.9/test/server/test_server.h
> -rw-rw-rw- 0 bert bert 13854 Jun 30 2016
> serf-1.3.9/test/server/test_sslserver.c
> -rw-rw-rw- 0 bert bert 3217 Sep 17 2015 serf-1.3.9/test/test_all.c
> -rw-rw-rw- 0 bert bert 23992 Sep 17 2015 serf-1.3.9/test/test_auth.c
> -rw-rw-rw- 0 bert bert 58829 Sep 17 2015 serf-1.3.9/test/test_buckets.c
> -rw-rw-rw- 0 bert bert 86012 Sep 17 2015 serf-1.3.9/test/test_context.c
> -rw-rw-rw- 0 bert bert 10811 Sep 17 2015 serf-1.3.9/test/test_serf.h
> -rw-rw-rw- 0 bert bert 10622 Sep 17 2015 serf-1.3.9/test/test_ssl.c
> -rw-rw-rw- 0 bert bert 21513 Sep 17 2015 serf-1.3.9/test/test_util.c
> drwxrwxrwx 0 bert bert 0 Aug 29 2016 serf-1.3.9/test/testcases/
> -rw-rw-rw- 0 bert bert 258 Sep 4 2004
> serf-1.3.9/test/testcases/chunked-empty.response
> -rw-rw-rw- 0 bert bert 131 Sep 8 2004
> serf-1.3.9/test/testcases/chunked-trailers.response
> -rw-rw-rw- 0 bert bert 114 Sep 8 2004
> serf-1.3.9/test/testcases/chunked.response
> -rw-rw-rw- 0 bert bert 639 Sep 8 2004
> serf-1.3.9/test/testcases/deflate.response
> -rw-rw-rw- 0 bert bert 16 Mar 29 2005
> serf-1.3.9/test/testcases/simple.request
> -rw-rw-rw- 0 bert bert 845 Sep 4 2004
> serf-1.3.9/test/testcases/simple.response
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
