Re: Bug#79620: dpkg-source must handle file permissions
Brian May <bam@debian.org> wrote:
>
> Unpacking is already a huge security risk. As a simplistic example,
> unpacking the following package could have serious consequences
> especially if done by root:
> [682] [snoopy:bam] ~/dangerous >tar -tzvf dangerous_0.0.tar.gz
> drwxr-xr-x bam/users 0 2000-12-15 17:06:21 dangerous-0.0/
> lrwxrwxrwx bam/users 0 2000-12-15 17:06:21 dangerous-0.0/etc -> /etc
> -rw-r--r-- bam/users 465 2000-12-15 17:06:21 dangerous-0.0/etc/nsswitch.conf
> -rw-r--r-- bam/users 2568 2000-12-15 17:06:21 dangerous-0.0/etc/passwd
> -rw-r--r-- bam/users 25 2000-12-15 17:06:21 dangerous-0.0/etc/shadow
Try --keep-old-files
--
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
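Added example, not part of the original thread: a Python check that reads a tarball's member list without extracting anything and reports entries that would be written through a symlink created earlier in the same archive, which is the layout shown in the quoted listing. The function names and the sample archive (built in memory with dummy contents) are constructed for illustration.

```python
import io
import posixpath
import tarfile

def build_sample():
    """Constructed archive with the same layout as the quoted listing (dummy data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        top = tarfile.TarInfo("dangerous-0.0")
        top.type, top.mode = tarfile.DIRTYPE, 0o755
        tar.addfile(top)
        link = tarfile.TarInfo("dangerous-0.0/etc")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc"
        tar.addfile(link)
        for name in ("nsswitch.conf", "passwd", "shadow"):
            data = b"constructed\n"
            info = tarfile.TarInfo("dangerous-0.0/etc/" + name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit(archive_bytes):
    """Return (member, reason) for entries that would land outside the unpack dir."""
    findings = []
    links = {}  # normalized path of each symlink member seen so far -> its target
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            path = posixpath.normpath(member.name)
            if path.startswith("/") or path == ".." or path.startswith("../"):
                findings.append((member.name, "path escapes unpack directory"))
                continue
            parts = path.split("/")
            # Is any parent component a symlink created by an earlier member?
            for i in range(1, len(parts)):
                parent = "/".join(parts[:i])
                if parent in links:
                    reason = "written through symlink %s -> %s" % (parent, links[parent])
                    findings.append((member.name, reason))
                    break
            if member.issym():
                links[path] = member.linkname
    return findings

if __name__ == "__main__":
    for name, reason in audit(build_sample()):
        print(name + ": " + reason)
```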