Bug#167422: files in /usr/share should be world-readable
James R. Van Zandt wrote:
> Matt Swift <swift@alum.mit.edu> writes:
> ...
> >In the source package, the file ./debian/PVER-elisp.install.in
> >contains the lines:
> >
> > ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
> > [...]
> > LOG=`tempfile`
> > [...]
> > $FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
> > [...]
> > mv -f $LOG $ELCDIR/install.log
> >
> >The default mode of a file created by "tempfile" is 600 -- this is
> >how the file with the inappropriate mode is first created.
>
> However, I think substituting
>
> LOG=`tempfile -m 644`
>
> would introduce a security bug.
>
> Instead, I propose that
>
> chmod 644 $ELCDIR/install.log
>
> should be appended.
What I don't understand is why those .log files have to be created.
The example `install' script in debian-emacs-policy does not create it,
so the most simple way to avoid these files being 600 would be to not
create them at all.
Reply to: