GNU bug report logs - #12947
[brlink@debian.org: Bug#598018: install: temporary insecure file permissions]

Previous Next

Package: coreutils;

Reported by: Samuel Bronson <naesten <at> gmail.com>

Date: Tue, 20 Nov 2012 19:07:01 UTC

Severity: normal

Tags: patch, security

Found in version 8.5

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

Message #22 received at 12947 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Bernhard Voelker <mail <at> bernhard-voelker.de>
Cc: naesten <at> gmail.com, Eric Blake <eblake <at> redhat.com>, 12947 <at> debbugs.gnu.org
Subject: Re: bug#12947: [brlink <at> debian.org: Bug#598018: install: temporary
	insecure file permissions]
Date: Wed, 21 Nov 2012 07:41:42 -0800

On 11/21/2012 02:27 AM, Bernhard Voelker wrote:
> Why aren't we using fchown and
> fchmod_or_lchmod before the close() call?

The code used to do that, if memory serves, but then
the code was modified to deal with ACLs or SELinux
or whatever and it turned into a big mess, which
I've been afraid to deal with.  I vaguely recall that
it had something to do with the relevant ACL and/or
SELinux calls requiring file names (which seemed like
a huge mistake to me at the time).

This bug report was last modified 12 years and 183 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #12947 [brlink@debian.org: Bug#598018: install: temporary insecure file permissions]

GNU bug report logs - #12947
[brlink@debian.org: Bug#598018: install: temporary insecure file permissions]