NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/49798: unzip: Infozip compatibility: file permissions
>Number: 49798
>Category: bin
>Synopsis: unzip: Infozip compatibility: file permissions
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Mar 30 09:00:00 +0000 2015
>Originator: Thomas Klausner
>Release: NetBSD 7.99.7
>Organization:
Curiosity is the very basis of education and if you tell me that
curiosity killed the cat, I say only that the cat died nobly.
- Arnold Edinborough
>Environment:
Architecture: x86_64
Machine: amd64
>Description:
When unpacking zip files, NetBSD unzip is rather permissive and adds
e.g. executable bits to files. (The code is trying to work around issues
with included directories that don't have the x bit set and corresponding problems
when files should be unpacked there.)
The problem is that this sometimes affects files (not only directories) that
are installed via pkgsrc and then have the wrong permissions, about which
checkperms (i.e., a part of PKG_DEVELOPER=1) complains.
>How-To-Repeat:
Build e.g. security/py-keyring with PKG_DEVELOPER=1. See
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/PKG-INFO: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/SOURCES.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/dependency_links.txt: too small to be a valid executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/entry_points.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/requires.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/top_level.txt: executable bit is set on non-executable file.
Can also be tested directly by unpacking keyring-5.3.zip, the distfile for that
package.
When unpacked with InfoZIP unzip:
# ll keyring-5.3/keyring.egg-info
total 50
drwxrwxr-x 2 wiz users 512 Mar 30 10:54 .
drwxrwxr-x 4 wiz users 512 Mar 30 10:54 ..
-rw-rw-rw- 1 wiz users 35333 Feb 25 12:08 PKG-INFO
-rw-rw-rw- 1 wiz users 1643 Feb 25 12:08 SOURCES.txt
-rw-rw-rw- 1 wiz users 1 Feb 25 12:08 dependency_links.txt
-rw-rw-rw- 1 wiz users 46 Feb 25 12:08 entry_points.txt
-rw-rw-rw- 1 wiz users 37 Feb 25 12:08 requires.txt
-rw-rw-rw- 1 wiz users 8 Feb 25 12:08 top_level.txt
When unpacked with NetBSD unzip:
# ll keyring-5.3/keyring.egg-info
total 50
drwxr-xr-x 2 wiz users 512 Mar 30 10:55 .
drwxr-xr-x 4 wiz users 512 Mar 30 10:55 ..
-rwxrwxr-x 1 wiz users 35333 Feb 25 12:08 PKG-INFO
-rwxrwxr-x 1 wiz users 1643 Feb 25 12:08 SOURCES.txt
-rwxrwxr-x 1 wiz users 1 Feb 25 12:08 dependency_links.txt
-rwxrwxr-x 1 wiz users 46 Feb 25 12:08 entry_points.txt
-rwxrwxr-x 1 wiz users 37 Feb 25 12:08 requires.txt
-rwxrwxr-x 1 wiz users 8 Feb 25 12:08 top_level.txt
>Fix:
Please!
>Unformatted:
Home |
Main Index |
Thread Index |
Old Index