On Fri, Feb 11, 2000 at 09:18:15AM -0500, Scott A Crosby wrote: > If you've done that, then I would also suggest looking at other packages, > I found several examples of this problem in the packages I have installed. > > I ran a > > >>> > find /etc /usr /var \( -type f -o -type d \) -perm +002 -print0 | xargs > -0 ls -ld --color=yes | less -r > <<< > > and submitted 8 bug reports on world-writable files and directories > yesterday. Having someone else go over all of the packages to find other > instances and also make sure that these get fixed is a good idea. Why use a person when you can have a computer do it :-) http://www.debian.org/lintian/reports/Tnon-standard-file-perm.html http://www.debian.org/lintian/reports/Tnon-standard-executable-perm.html RFC: It would be good for lintian to report files with too open permissions as errors. Most serious is the libguile.so bad permissions, more than 2 months old and even reported on bugtraq (bugs #52315, #54343, #55759). Someone really should fix that. > My search also found another misfeature: unzip appears to create its files > a+rw. Overriding the umask? Bad.. Colin
Attachment:
pgp0ThlAVXWoY.pgp
Description: PGP signature