[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: world writable /usr/lib/libguile.so.6.0.0

On Mon, Nov 22, 1999 at 05:08:17PM +0100, Peter Makholm was heard to say:
> Christian Surchi <csurchi@mclink.it> writes:
> 
> > > does anyone else have a world writable /usr/lib/libguile.so.6.0.0?
> > > 
> > > i just found mine with mode 777...
> > 
> > Me too. :|
> 
> Just downloaded libguile6 and unared and untared it. Permissions in
> that version seems fine. And there is notihing in postinst that
> changes this.
> 
> I found version 1.3-16.1 which versions are you using?

  I seem to have the same problem:
-rw-r--r--    1 root     root       728354 Nov 20 16:55 /usr/lib/libguile.a
-rw-r--r--    1 root     root          664 Nov 20 16:55 /usr/lib/libguile.la
lrwxrwxrwx    1 root     root           17 Nov 21 19:06 /usr/lib/libguile.so -> libguile.so.6.0.0
lrwxrwxrwx    2 root     root           17 Nov 21 19:06 /usr/lib/libguile.so.3 -> libguile.so.6.0.0
lrwxrwxrwx    2 root     root           17 Nov 21 19:06 /usr/lib/libguile.so.6 -> libguile.so.6.0.0
-rwxrwxrwx    1 root     root       469196 Nov 20 16:55 /usr/lib/libguile.so.6.0.0

bluegreen:/tmp/menu-2.1.4> dlocate -s libguile6
Package: libguile6
Status: install ok installed
Priority: optional
Section: libs
Installed-Size: 1304
Maintainer: Craig Brozefsky <craig@red-bean.com>
Source: guile-core
Version: 1:1.3-16.1
Replaces: guile-lib, guile-dev, libguile3
Provides: libguile3, libguile4
Depends: libc6 (>= 2.1), libncurses4 (>= 4.2-3.1)
Suggests: libguile6-dev
Conflicts: guile-lib, guile-dev, libguile3, libguile4, scwm (<= 0.8a-8)
Description: `libguile.so.6' shared libraries for Guile1.3.
 `libguile.so.6' shared object libraries and the ice-9 scheme module
 library for Guile, the GNU Ubiquitous Intelligent Extension Language.
 .
 `libguile' is an ELF shared object library that you can link your
 programs with to provide them with an extension language.


  I'm also wondering about the link from libguile.so.3 to libguile.so.6.0.0 --
maybe I'm missing something, but the soname would seem to indicate that these
libraries ought to be incompatible.

  Hmm, this is interesting:

bluegreen:/tmp/menu-2.1.4> dpkg --contents /var/cache/apt/archives/libguile6_1%3a1.3-16.1_i386.deb  | head
drwxr-xr-x root/root         0 1999-11-20 16:56:01 ./
drwxr-xr-x root/root         0 1999-11-20 16:55:51 ./usr/
drwxr-xr-x root/root         0 1999-11-20 16:55:52 ./usr/lib/
-rw-r--r-- root/root    469196 1999-11-20 16:55:52 ./usr/lib/libguile.so.6.0.0

  So its permissions changed in the process of being installed?

  Watching the permissions as dpkg reinstalls the
deb..libguile.so.6.0.0.dpkg-tmp is created with permissions r--r--r-- and
unpacked (the file got a lot larger a lot quicker), then moves to
libguile.so.6.0.0 and becomes rwxrwxrwx.  Probably there's a step in between
that my crude monitoring missed.  Interestingly, libguilereadline has the right
permissions.

  Only thing I can think of is that possibly dpkg is somehow following links on
chmod, so the libguile.so.* links get chmod'd to rwxrwxrwx after being untarred
but the library itself is actually modified.  This seems unlikely, though, and
I don't know enough about dpkg internals.

  Daniel

-- 
  After the game, the king and the pawn go in the same box.
    -- Italian proverb
Reply to: