
Bug#167422: files in /usr/share should be world-readable



James R. Van Zandt wrote:
> Matt Swift <swift@alum.mit.edu> writes:
> ...
> >In the source package, the file ./debian/PVER-elisp.install.in
> >contains the lines:
> >
> >    ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
> >         [...]
> >    LOG=`tempfile`
> >         [...]
> >    $FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
> >         [...]
> >    mv -f $LOG $ELCDIR/install.log
> >
> >The default mode of a file created by "tempfile" is 600 -- this is
> >how the file with the inappropriate mode is first created.
>
> However, I think substituting
>
>       LOG=`tempfile -m 644`
>
> would introduce a security bug.
>
> Instead, I propose that
>
>       chmod 644 $ELCDIR/install.log
>
> should be appended.

What I don't understand is why those .log files have to be created.
The example `install' script in debian-emacs-policy does not create it,
so the most simple way to avoid these files being 600 would be to not
create them at all.
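
The mode problem described in the quoted message and the proposed `chmod` fix, as an added example that is not part of the original thread or the package's install script. `mktemp` stands in for `tempfile` (it also creates files with mode 600), and the function names, scratch directories and log text are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; names, paths and log text are constructed.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Behaviour reported in the bug: the log is created private and moved as-is.
install_log_before() {
    elcdir=$1
    log=$(mktemp) || return 1            # mode 600, like tempfile's default
    echo "constructed compile output" >>"$log" 2>&1
    mv -f "$log" "$elcdir/install.log"   # mv keeps the 600 mode
}

# Proposed fix: same steps, then widen the mode only at the destination,
# so the file stays private while it sits in the shared temp directory.
install_log_after() {
    elcdir=$1
    log=$(mktemp) || return 1
    echo "constructed compile output" >>"$log" 2>&1
    mv -f "$log" "$elcdir/install.log"
    chmod 644 "$elcdir/install.log"
}

# Run both variants in scratch directories and report the resulting modes.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/before" "$work/after"
    install_log_before "$work/before"
    install_log_after "$work/after"
    echo "before: $(file_mode "$work/before/install.log")"
    echo "after:  $(file_mode "$work/after/install.log")"
    rm -rf "$work"
}

demo
```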



