https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7508
Bug ID: 7508
Summary: Suboptimal permissions of mirrored rulesets files (on sa-update mirrors)
Product: Spamassassin
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: sysadmins
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
The mirrored ruleset tarball files (and the corresponding ASC and SHA1 files) have
odd and heterogeneous permissions. Here is an extract:
-rw-rw-r-- 11 Nov 27 14:17 MIRROR.CHECK
-rw-r--r-- 100 Nov 27 09:31 1816413.tar.gz.sha1
-rw-r--r-- 819 Nov 27 09:31 1816413.tar.gz.asc
-rw-r--r-- 207813 Nov 27 09:31 1816413.tar.gz
-r-xr--r-- 819 Nov 27 03:55 1816372.tar.gz.asc
-r-xr--r-- 113 Nov 27 03:55 1816372.tar.gz.sha1
-r-xr--r-- 275070 Nov 27 03:55 1816372.tar.gz
-rw-r--r-- 1309 Nov 26 22:30 MIRRORED.BY
...
-rw-rw-r-- 100 Jun 4 10:30 1797561.tar.gz.sha1
-rw-rw-r-- 819 Jun 4 10:30 1797561.tar.gz.asc
-rw-rw-r-- 206546 Jun 4 10:30 1797561.tar.gz
...
-rwxrwxr-x 56 Feb 15 2007 507739.tar.gz.sha1
-rwxrwxr-x 126897 Feb 15 2007 507739.tar.gz
-rwxrwxr-x 823 Feb 15 2007 507739.tar.gz.asc
In my eyes the execution flags are totally wrong. Also, the write flags are
superfluous and, at least theoretically, a little bit dangerous. I assume the
mirroring ("rsync") will even work without a write flag for the owner.
But as Kevin A. McGrail has written on the sysadmins mailing list, it seems to be
not a big problem but only a flaw "because rules are crypto signed".
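The permission check the report implies, as an added example that is not part of the original bug report or of SpamAssassin's own tooling: a POSIX shell audit for execute and write bits on mirrored files. The function names, the policy and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an sa-update mirror directory for the permission
# oddities shown in the listing above. Policy is this example's assumption:
# ruleset tarballs and their .asc/.sha1 files are static data, so any execute
# bit or group/other write bit is a finding. Pass "strict" as the second
# argument to also report owner write bits.

audit_mirror_perms() {
    dir=$1
    mode=${2:-default}
    {
        # Any of u+x, g+x, o+x set (POSIX "-perm -bits" tests each bit).
        find "$dir" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
            sed 's|^|exec-bit |'
        # Writable by group or others.
        find "$dir" -type f \( -perm -0020 -o -perm -0002 \) |
            sed 's|^|group-or-other-write |'
        if [ "$mode" = strict ]; then
            find "$dir" -type f -perm -0200 | sed 's|^|owner-write |'
        fi
    } | LC_ALL=C sort
}

# Clear the flagged bits in place; owner write is cleared only in strict mode.
fix_mirror_perms() {
    dir=$1
    mode=${2:-default}
    find "$dir" -type f -exec chmod a-x,go-w {} +
    if [ "$mode" = strict ]; then
        find "$dir" -type f -exec chmod u-w {} +
    fi
}

# Constructed sample tree reproducing three modes from the listing
# (file contents are dummies): 0644, 0544 (-r-xr--r--), 0775 (-rwxrwxr-x).
make_sample_mirror() {
    d=$(mktemp -d) || return 1
    : > "$d/1816413.tar.gz"; chmod 0644 "$d/1816413.tar.gz"
    : > "$d/1816372.tar.gz"; chmod 0544 "$d/1816372.tar.gz"
    : > "$d/507739.tar.gz";  chmod 0775 "$d/507739.tar.gz"
    printf '%s\n' "$d"
}
```

Run `audit_mirror_perms /path/to/mirror` before and after `fix_mirror_perms` to confirm that the findings are gone.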