Page MenuHome GnuPG
Create Task
Maniphest T130

Rights 777 for files in gnupg-1.2.1.tar !!
Closed, ResolvedPublic
Actions

Description

Release: 1

Environment

Solaris
gnupg-1.2.1.tar.gz

Description

I downloaded gnupg-1.2.1.tar.gz, et I am surprised that files of the tar file are "Write for other" (777).
After I extract the tar file, anyone on my machine can change anything in this directory, and i suppose it is the same on the machine from which I found the file ( http://www.gnupg.org ).
Here a ls of extracted file :
sinope:root# ls -al gnupg-1.2.1
total 1548
drwxrwsrwx 15 root root 1024 Oct 25 12:07 .
drwxr-x--- 4 root other 512 Mar 17 11:45 ..
-rw-rw-r-- 1 root root 18852 Aug 23 2002 ABOUT-NLS
-rw-rw-r-- 1 root root 3608 Jun 29 2002 AUTHORS
-rw-rw-r-- 1 root root 506 Jun 29 2002 BUGS
-rw-rw-r-- 1 root root 17992 Jun 29 2002 COPYING
-rw-r--r-- 1 root root 32364 Oct 25 11:47 ChangeLog
-rw-rw-r-- 1 root root 9414 Jun 29 2002 INSTALL
-rw-rw-r-- 1 root root 1800 Jun 29 2002 Makefile.am
-rw-rw-r-- 1 root root 16465 Oct 25 11:55 Makefile.in
-rw-r--r-- 1 root root 49438 Oct 25 11:39 NEWS
-rw-rw-r-- 1 root root 1999 Jun 29 2002 PROJECTS
-rw-rw-r-- 1 root root 25389 Oct 17 16:49 README
-rw-rw-r-- 1 root root 9843 Oct 21 18:04 THANKS
-rw-rw-r-- 1 root root 3710 Sep 2 2002 TODO
-rw-rw-r-- 1 root root 6 Oct 25 12:07 VERSION
-rw-rw-r-- 1 root root 22889 Oct 21 17:29 acinclude.m4
-rw-rw-r-- 1 root root 75414 Oct 25 11:55 aclocal.m4
drwxrwsrwx 2 root root 1536 Oct 25 12:07 checks
drwxrwsrwx 2 root root 1024 Oct 25 12:05 cipher
-rw-rw-r-- 1 root root 13605 Oct 25 11:57 config.h.in
-rwxrwxr-x 1 root root 420067 Oct 25 11:56 configure
-rw-r--r-- 1 root root 28565 Oct 25 11:55 configure.ac
drwxrwsrwx 2 root root 512 Oct 25 12:07 doc
drwxrwsrwx 2 root root 1536 Oct 25 12:06 g10
drwxrwsrwx 2 root root 512 Oct 25 12:07 include
drwxrwsrwx 2 root root 1024 Oct 25 12:04 intl
drwxrwsrwx 2 root root 512 Oct 25 12:06 keyserver
drwxrwsrwx 18 root root 1024 Oct 25 12:07 mpi
drwxrwsrwx 2 root root 1024 Oct 25 12:07 po
drwxrwsrwx 2 root root 512 Oct 25 12:07 scripts
drwxrwsrwx 2 root root 512 Oct 25 12:05 tools
drwxrwsrwx 2 root root 512 Oct 25 12:05 util
drwxrwsrwx 2 root root 1024 Oct 25 12:05 zlib

How To Repeat

Download the file :
http://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.1.tar.gz
$ gunzip gnupg-1.2.1.tar.gz
$ tar xvf gnupg-1.2.1.tar
$ ls -al gnupg-1.2.1

Fix

Remove write rights for "other" :
$ chmod -R o-w gnupg-1.2.1

The probelm is more likely with your system. I bet your umask is not set correctly or the tar is broken. -wk

.. or you used tar with the -p option to preserve permissions. The "make dist" command all GNU programs use intentionally chmod 777 all files.