View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008120||mantisbt||installation||public||2007-07-03 00:29||2007-10-04 01:40|
|Target Version||1.0.9||Fixed in Version||1.1.0a4|
|Summary||0008120: all the files and directories have permission 777 in mantis-1.0.8.tar.gz|
I have downloaded mantis-1.0.8.tar.gz and after expanding it, all the files and directories have permission 777. I think this started on mantis-1.0.7.tar.gz and could be a security risk.
The way I expanded the archive is "zcat mantis-1.0.8.tar.gz | tar xf -"
|Tags||No tags attached.|
Victor, could you look into this?
I verified that 1.0.6 had proper permissions on (almost) all files.
Fedora users are not affected as the permissions are fixed during package build, but that's something we should fix for 1.0.9.
I do the packaging in Windows. What do I have to do to make sure that when the archive is expanded it comes out as 644 and 755? I used 7zip to create the last two archives; can it be the cause? Before that I used to use Total Commander (I think).
I don't know how to use the Windows tools to do the job.
What you can do to check the results is to install MSYS from:
and use a command like:
tar tvzf mantisbt-1.0.8.tar.gz
Once MSYS is installed, you could also choose to create packages there with something like:
tar cvzf mantisbt-1.0.8.tar.gz mantisbt-1.0.8
You should avoid creating TAR archives on Windows, since this doesn't support Unix file permissions. However, it may be possible to use the command line option "--mode" of GTAR, which you could also use on Windows. But it would be better to create the archives in a native Unix environment. If you want me to help with this, I have access to a Linux account.
Would tar within cygwin help? I tried it out and it seems to keep the mode set to a sane setting.
Yes, I believe that is a viable alternative in Windows, much like the MSYS solution.
Did you guys get a chance to try the permissions on 1.1.0a4? I've used Total Commander, which I used to use for older releases. The reason I stopped using it was that it was generating tar files that some extractors were complaining about.
Yes, the new archive attributes look reasonable - there are no execute bits set, so you might also use your Total Commander version again.
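The permission check and the 644/755 normalization discussed in this thread can be done on the archive itself, independent of the packaging machine's filesystem. The following is an added example, not part of the original issue or of MantisBT's release tooling; it uses Python's standard tarfile module, and the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import stat
import tarfile

def audit(fileobj):
    """List (name, mode) for files/dirs writable by group or others."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        return [(m.name, oct(m.mode & 0o7777)) for m in tar
                if (m.isfile() or m.isdir())
                and m.mode & (stat.S_IWGRP | stat.S_IWOTH)]

def normalize(src, dst):
    """Copy a tar stream to a new tar.gz: directories 755, files 644."""
    with tarfile.open(fileobj=src, mode="r:*") as tin, \
         tarfile.open(fileobj=dst, mode="w:gz") as tout:
        for m in tin:
            if m.isdir():
                m.mode = 0o755
                tout.addfile(m)
            elif m.isfile():
                m.mode = 0o644
                tout.addfile(m, tin.extractfile(m))
            else:
                # Assumption: a release tree holds only files and directories.
                raise ValueError(f"unexpected member type: {m.name}")

def build_sample():
    """Constructed sample: a tiny archive with every mode set to 777."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        d = tarfile.TarInfo("sample-1.0")
        d.type, d.mode = tarfile.DIRTYPE, 0o777
        tar.addfile(d)
        data = b"<?php echo 'hello';\n"
        f = tarfile.TarInfo("sample-1.0/index.php")
        f.size, f.mode = len(data), 0o777
        tar.addfile(f, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    bad = build_sample()
    print("before:", audit(bad))
    bad.seek(0)
    fixed = io.BytesIO()
    normalize(bad, fixed)
    fixed.seek(0)
    print("after:", audit(fixed))
```

For a real release, pass file objects opened in binary mode instead of the in-memory buffers, and run audit on the result before publishing.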
|2007-07-03 00:29||kho||New Issue|
|2007-07-05 14:26||grangeway||Status||new => assigned|
|2007-07-05 14:26||grangeway||Assigned To||=> vboctor|
|2007-07-05 14:26||grangeway||Note Added: 0014870|
|2007-07-09 03:06||giallu||Note Added: 0014905|
|2007-07-09 03:07||giallu||Target Version||=> 1.0.9|
|2007-07-09 10:09||vboctor||Note Added: 0014913|
|2007-07-10 05:38||giallu||Note Added: 0014918|
|2007-08-01 02:06||Martin Fuchs||Note Added: 0015310|
|2007-08-07 16:58||DGtlRift||Note Added: 0015366|
|2007-08-08 02:33||giallu||Note Added: 0015368|
|2007-08-08 23:13||vboctor||Note Added: 0015376|
|2007-08-09 02:56||Martin Fuchs||Note Added: 0015378|
|2007-08-09 03:01||vboctor||Status||assigned => resolved|
|2007-08-09 03:01||vboctor||Fixed in Version||=> 1.1.0a4|
|2007-08-09 03:01||vboctor||Resolution||open => fixed|
|2007-10-04 01:40||vboctor||Status||resolved => closed|