GNU bug report logs -
#38422
.png files in /gnu/store with executable permissions (555)
Previous Next
Reported by: Bengt Richter <bokr <at> bokr.com>
Date: Fri, 29 Nov 2019 08:01:01 UTC
Severity: normal
Tags: notabug
Done: zimoun <zimon.toutoune <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #14 received at 38422 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Bengt, Ricardo,
I see similar results here with ‘guix install moka-icon-theme’,
and I'm sure the rest of my (and everyone's) store is full of
misperm'd files too. It's kind of generally known.
This seems to be particularly common in Meson packages: for some
reason, Meson installs everything as executable by default.
Bengt Richter 写道:
> Is this zero-day stuff with a nasty somewhere, waiting for
> referencing
> by another nasty, or am I being paranoid?
What's the threat model there? Respectfully, I think you might
be, but maybe I'm naive…
Otherwise I consider this a merely cosmetic issue, but we still
welcome fixes for those!
Checking whether Meson behaves differently on other distributions
would be a good start.
Ricardo Wurmus 写道:
> Bengt Richter <bokr <at> bokr.com> writes:
>
>> $ find /gnu -type f -perm /111 -iname '*png'|xargs stat -c '%a
>> %A %N'|cut -d '-' -f5,6,7,8|less|uniq -c|less
>> --8<---------------cut
>> here---------------start------------->8---
>> 1 x
>> '/gnu/store/.links/1s94fymqj8xba55rg8xbdni9a215kxsxkddyh2qyb7y6fl7srpng'
>> 1 x
>> '/gnu/store/.links/05dsk06ffdwgjdqgsy03zhnsrcd44yyi8ylk9qyb1a3n89aplpng'
>> 97 x
>> '/gnu/store/jf7i57glqykwgm1k7zb5k8x6f1yd47l8-faba-icon-theme
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdparttopng'
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdtopng'
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/webpng'
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gd2topng'
>> 1 x
>> '/gnu/store/x9c77i6r5fmarslij6ng81awgrxblplm-texlive-bin-20180414/bin/dvipng'
>> 34143 x
>> '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme
>> 1 x
>> '/gnu/store/7mxkdn6cp7x8sac49p2g80qw5j1aavi3-texlive-20180414/bin/dvipng'
>> 62 x
>> '/gnu/store/6d79d8za76pj5f2flhckpmdvdgqhqxaa-docbook-xsl-1.79.1/xml/xsl/docbook
>> 1 x
>> '/gnu/store/azd3rg350gjkgzvzps3s4j3kpz5kxh57-texlive-bin-20180414/bin/dvipng'
>> 1 x
>> '/gnu/store/9w1hi2hr4zczc5jd5r2xmff9zf4gwc1n-texlive-union-49435/bin/dvipng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdparttopng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdtopng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/webpng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gd2topng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdparttopng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdtopng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/webpng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gd2topng'
>>
>> --8<---------------cut
>> here---------------end--------------->8---
>
> Maybe I’m missing something, but none of the above are PNGs.
> Most of them are executables, others are directories, so having
> them
> executable is expected.
Bengt's clever pipeline tallies the number of executable *png
files in each top-level store directory. It does not include
directories.
It's true that the '*png' above should be replaced with '*.png',
but these /bin files are just the very noisy outliers.
The meat is in:
> 34143 x
> '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme
i.e. 34143 executable '*png' files in that directory alone.
Kind regards,
T G-R
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 5 years and 110 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.