Bug 1421468
| Summary: | overly restrictive permissions on /usr/share/doc/tripwire | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | J. Randall Owens <jrowens.fedora> |
| Component: | tripwire | Assignee: | Didier Fabert (tartare) <didier.fabert> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 25 | CC: | didier.fabert, moez.roy, rebus, smparrish |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | tripwire-2.4.3.2-3.fc24 tripwire-2.4.3.2-3.fc25 tripwire-2.4.3.2-3.el6 tripwire-2.4.3.2-3.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-02-26 00:18:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
tripwire-2.4.3.2-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d22c0336d8 tripwire-2.4.3.2-3.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c7cf6ea72 tripwire-2.4.3.2-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5e7a3c732 tripwire-2.4.3.2-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5994e7b9e9 tripwire-2.4.3.2-3.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c7cf6ea72 tripwire-2.4.3.2-3.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d22c0336d8 tripwire-2.4.3.2-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5e7a3c732 tripwire-2.4.3.2-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5994e7b9e9 tripwire-2.4.3.2-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. tripwire-2.4.3.2-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. tripwire-2.4.3.2-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. tripwire-2.4.3.2-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: %{_docdir}/tripwire has permissions 0644 drw-r--r--, meaning we can't read even the docs there as non-root. Paranoia about a security package like this is great, but making the docs inaccessible is rather excessive. Version-Release number of selected component (if applicable): tripwire-2.4.3.1-10.fc25.x86_64 How reproducible: every time Steps to Reproduce: 1. # dnf install tripwire 2. $ less /usr/share/doc/tripwire/README.fedora 3. $ ls -ld /usr/share/doc/tripwire Actual results: /usr/share/doc/tripwire/README.Fedora: Permission denied drw-r--r--. 2 root root 4096 Dec 13 17:36 /usr/share/doc/tripwire/ Expected results: viewing the README file; drwxr-xr-x. Additional info: Looking over the specfile, I haven't figured out why the x bits are removed from the perms. %defattr(0644,root,root,0755) should allow for the expected drwxr-xr-x, and I don't see anything else removing permissions there (although there's a chmod 644 on the files within the directory). Maybe it's actually an rpmbuild bug that doesn't show up in many packages since most don't set the permissions so thoroughly? . . . Looking over the contents on my own machine, there are 14 other directories there which are also drw-r--r--. So it seems possible.