Re: Bug#79620: dpkg-source must handle file permissions

To: debian-devel@lists.debian.org
Subject: Re: Bug#79620: dpkg-source must handle file permissions
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Fri, 15 Dec 2000 21:49:09 +1100
Message-id: <[🔎] 200012151049.eBFAn9504199@gondor.apana.org.au>
In-reply-to: <[🔎] 20001215003355.A27078@cistron.nl> <[🔎] Pine.LNX.3.96.1001215003830.20239A-100000@panic.et.tudelft.nl> <[🔎] 20001215004437.D27078@cistron.nl> <[🔎] 84zohyrxrx.fsf@snoopy.apana.org.au>

Brian May <bam@debian.org> wrote:
>
> Unpacking is already a huge security risk. As a simplistic example,
> unpacking the following package could have serious consequences
> especially if done by root:

> [682] [snoopy:bam] ~/dangerous >tar -tzvf dangerous_0.0.tar.gz          
> drwxr-xr-x bam/users         0 2000-12-15 17:06:21 dangerous-0.0/
> lrwxrwxrwx bam/users         0 2000-12-15 17:06:21 dangerous-0.0/etc -> /etc
> -rw-r--r-- bam/users       465 2000-12-15 17:06:21 dangerous-0.0/etc/nsswitch.conf
> -rw-r--r-- bam/users      2568 2000-12-15 17:06:21 dangerous-0.0/etc/passwd
> -rw-r--r-- bam/users        25 2000-12-15 17:06:21 dangerous-0.0/etc/shadow

Try --keep-old-files
-- 
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to:

Follow-Ups:
- Re: Bug#79620: dpkg-source must handle file permissions
  - From: Colin Phipps <cph@netcraft.com>

References:
- Re: Bug#79620: dpkg-source must handle file permissions
  - From: Brian May <bam@debian.org>

Prev by Date: intent retiring (was ITP: docbook-tools -- A collection of tools to work with DocBook documents.)
Next by Date: Re: ITP: dvgrab - Grab digital video data via IEEE1394 links.
Previous by thread: Re: Bug#79620: dpkg-source must handle file permissions
Next by thread: Re: Bug#79620: dpkg-source must handle file permissions
Index(es):
- Date
- Thread