Bug 112787 - check for bad permissions on files
Summary: check for bad permissions on files
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: distribution
Version: 1
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Bill Nottingham
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-12-31 21:23 UTC by Bill Rugolsky, Jr.
Modified: 2014-03-17 02:41 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2004-01-02 16:32:05 UTC


Attachments (Terms of Use)

Description Bill Rugolsky, Jr. 2003-12-31 21:23:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
There are numerous packages that contain regular files with execute
permissions on non-executable data:

rpm -qa --dump | gawk 'NF > 6 && and(p=strtonum($(NF-6)),0111) &&
and(p,0170000) == 0100000 && $1 ~ /\.(gz|html|xml|dtd|ent|gif|bmp)$/
{print $1}'

Post-processing the output of the foregoing with

xargs -ifoobar rpm -qf --qf "%{NAME} foobar\n" foobar | gawk '{print
$1}' | sort -u

yields:

4Suite
anaconda-help
blas
brltty
ckermit
cyrus-sasl
dhclient
dhcp
dhcp-devel
docbook-dtds
giftrans
gimp-perl
gnome-applets
gnome-panel
gnome-user-docs
gnumeric
htdig
httpd-manual
iputils
irb
itcl
kbd
kernel-utils
lapack
macutils
mrtg
ntp
parted
pmake
tix
traceroute
transfig
unixODBC
vnc-server
w3c-libwww
x3270
xhtml1-dtds

This list is by no means exhaustive.


Version-Release number of selected component (if applicable):
rpm-4.2.1-0.30

How reproducible:
Didn't try

Steps to Reproduce:
1. As provided in the description.
    

Actual Results:  Lots of files have incorrect permissions.  This might
be the result of lazy use of defattr.

Expected Results:  It would be helpful if rpm warned about this and
other common permission errors (e.g., world writable files) while
packaging.

Additional info:

I didn't know where to file this meta-bug, but enhancing rpm to flag
it might eliminate most problems.

Comment 1 Jeff Johnson 2004-01-01 18:37:12 UTC
rpm cannot dictate "bad permissions", has no reference template
nor well defined semantic rules to even attempt a comparison.

The problem is *not* due to
   %defattr(-,root,root)
which will use the permissions as otherwise specified.

Off to distribution for packaging policy call ...

Comment 2 Bill Nottingham 2004-01-02 04:04:27 UTC
It's probably just best to file bugs against the individual packages.

Comment 3 Bill Rugolsky, Jr. 2004-01-02 16:32:05 UTC
Jeff: It seems to me that if find-requires can't discern an
interpreter, it could issue a *warning*.

Bill: once there is an automated submission procedure, I'll be happy
to file the same bugs against dozens of packages. :-)



Note You need to log in before you can comment on or make changes to this bug.