
Re: Bug#487317: perl-modules: File::Path::rmtree sets symlink target permissions to 0777

I cloned bug #487317 as #487319; the former is assigned to debsums and
the latter to perl-modules.

On Sat, 2008-06-21 at 00:43 -0500, Drake Wilson wrote:
> Quoth Ben Hutchings <ben@decadent.org.uk>, on 2008-06-20 23:36:51 +0100:
> > debsums is doing it:
> [strace elided]
> > It looks like it's unpacking the archive under /tmp, generating
> > checksums, then deleting the files as it goes.  Before unlinking it uses
> > chmod, presumably to ensure the unlink will succeed.  But chmod follows
> > sym-links, and these sym-links are absolute so it chmods the installed
> > files!
> > 
> > ...and a little investigation shows debsums is just using File::Path::rmtree.
> 
> The rmtree implementation actually tries to avoid this, but does it
> wrong: it _reads_ the permissions from the symbolic link, then
> _applies_ changed permissions through chmod, which affects the target
> instead.
> 
> It looks like this bug isn't as severe in perl-modules 5.8.8-12.

It doesn't appear to be present at all.

> The relevant lines of code appear to be:
> 
> From <perl-modules 5.8.8-12> /usr/share/perl/5.8.8/File/Path.pm:
> |            chmod $rp | 0600, $root
> |              or carp "Can't make file $root writeable: $!"
> |                if $force_writeable;
> 
> From <perl-modules 5.10.0-10> /usr/share/perl/5.10.0/File/Path.pm:
> |            my $nperm = $perm & 07777 | 0600;
> |            if ($nperm != $perm and not chmod $nperm, $root) {
> |                if ($Force_Writeable) {
> |                    _error($arg, "cannot make file writeable", $canon);
> |                }
> |            }
> 
> As can be seen above, the version from 5.8.8-12 only does the
> erroneous chmod if $force_writeable is turned on, whereas the version
> from 5.10.0-10 does the erroneous chmod in all cases where the target
> is a symbolic link.

Yes, and $force_writeable or $Force_Writeable is always false on Debian
systems.

> FWIW, I have a live report of this affecting more than terminfo on my
> machine, drache (as a partial confirmation of the analysis):
> 
> -rwxrwxrwx 1 root  root   194924 2008-06-01 06:44 /emul/ia32-linux/lib/libncurses.so.5.6
> -rwxrwxrwx 1 root  root    69560 2008-06-01 06:44 /emul/ia32-linux/lib/libtic.so.5.6
> -rwxrwxrwx 1 root  root   248288 2008-05-06 07:33 /lib/libncurses.so.5.6
> -rwxrwxrwx 1 root  root    74128 2008-05-06 07:33 /lib/libtic.so.5.6

It appears that package installation only triggers this if:

1. installation is done using APT with the debsums hook enabled
2. perl-modules 5.10 is installed
3. there are no md5sums in the package
4. the package contains sym-links to absolute paths

There are few packages for which 3 and 4 are true.

Ben.

-- 
Ben Hutchings
Design a system any fool can use, and only a fool will want to use it.
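The following script is an added illustration, not part of the bug report and not code from File::Path. It isolates the 5.10.0-10 logic quoted above and shows why it fires on every symlink: `$perm` comes from `lstat`, so for a link it still carries the file-type bits (0120777 on Linux), while `$nperm` is masked to 07777, so the two never compare equal, `chmod` runs, and `chmod` follows the link to its target. On Linux, where `lstat` reports mode 0777 for every symlink, the target ends up 0777, which is what the `ls -l` output in the report shows. The `safe_make_writeable` variant is a hypothetical fix for comparison only: it skips the chmod for symlinks altogether, since unlinking a link needs write permission on the containing directory, not on the link or its target. Everything runs inside a temporary directory that is removed on exit.

```perl
#!/usr/bin/perl
# Added example (not from the bug report or from File::Path itself):
# reproduce the symlink-following chmod in isolation and compare it
# with a variant that never chmods through a link.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Same arithmetic as the quoted 5.10.0-10 code.  $perm is the raw
# lstat mode (type bits included); $nperm is masked, so for a symlink
# they always differ and chmod is applied, through the link, to the target.
sub buggy_make_writeable {
    my ($path) = @_;
    my $perm  = (lstat $path)[2];
    my $nperm = $perm & 07777 | 0600;    # & binds tighter than |
    chmod $nperm, $path if $nperm != $perm;
}

# Hypothetical safer variant: leave symlinks alone and compare masked
# permission bits with masked permission bits.
sub safe_make_writeable {
    my ($path) = @_;
    return if -l $path;                  # -l uses lstat, no chmod on links
    my $perm  = (lstat $path)[2] & 07777;
    my $nperm = $perm | 0600;
    chmod $nperm, $path if $nperm != $perm;
}

# Permission bits of whatever $path resolves to (stat follows links).
sub target_mode {
    my ($path) = @_;
    return (stat $path)[2] & 07777;
}

# Constructed setup: a 0644 "installed" file and an absolute symlink to
# it, standing in for the links debsums unpacks under /tmp.
sub run_demo {
    my $dir    = tempdir(CLEANUP => 1);
    my $target = File::Spec->catfile($dir, 'libexample.so');
    my $link   = File::Spec->catfile($dir, 'link-to-libexample.so');

    open my $fh, '>', $target or die "cannot create $target: $!";
    close $fh;
    chmod 0644, $target or die "chmod $target: $!";
    symlink $target, $link or die "symlink $link: $!";

    my %result;
    buggy_make_writeable($link);
    $result{buggy} = target_mode($target);   # the target's mode changed

    chmod 0644, $target or die "chmod $target: $!";
    safe_make_writeable($link);
    $result{safe} = target_mode($target);    # the target's mode is untouched

    return \%result;
}

my $r = run_demo();
printf "target mode after buggy step: %04o\n", $r->{buggy};
printf "target mode after safe step:  %04o\n", $r->{safe};
```

Run it as an unprivileged user; no installed file is touched because both the target and the link live in the temporary directory. The same check (does the mode of the file behind a link change after a cleanup run?) is a cheap way to confirm whether a given File::Path version is affected.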
