Red Hat Bugzilla – Bug 200351
SRPM spec file installed 0666
Last modified: 2007-11-30 17:11:38 EST
After installing the SRPM for this package I noticed:
[stan@duergar ~]$ ls -l /usr/src/redhat/SPECS/perl-File-chdir.spec
-rw-rw-rw- 1 root root 1485 Jun 29 01:49 /usr/src/redhat/SPECS/perl-File-chdir.spec
Security risk, enough said.
[stan@duergar ~]$ ls -l /usr/src/redhat/SOURCES/File-chdir-0.06.tar.gz
-rw-rw-rw- 1 root root 22393 Jun 29 01:49
The mock build system makes all files in the SRPMS writable. The files have
normal permissions in CVS. They are checked out as 0664 on my machine, included
like that if I build locally. Also, installing the SRPMS on my machine as my
user uses my umask. They only end up world-writable when installed by root.
I have no control over the permissions that the build system uses. This problem
affects all the SRPMS in Extras. I would suggest not installing and building
SRPMS as root. To get this fixed, you will need to:
1) Complain to mock maintainers to change the permissions in the SRPMS.
2) Complain to rpm maintainers to not install files with world-writable
permissions and obey the umask as root.
Bleh. I have my own little perl-based build system which uses builder
user/group for building. But on occasion when I'm su'ed to root I build
packages when I'm fooling around.
This whole thing kinda stinks, I'll file a mock bug. Sorry to bother you.
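
A check for the condition discussed in this report, added here as an example; it is not part of the original thread and not code from rpm or mock. The function names are hypothetical; the rpm query uses the standard `FILEMODES:perms` and `FILENAMES` tags, and the build tree path is passed in by the caller (the report shows /usr/src/redhat).

```shell
#!/bin/sh
# Added example: find SRPM payload files and installed build-tree files
# that carry the world-writable (o+w) bit described in the report.

# filter_world_writable: read "<perms> <name>" lines (ls-style mode string,
# e.g. "-rw-rw-rw- foo.spec") on stdin; print names whose o+w bit is set.
# Character 9 of the mode string is the "other write" position.
filter_world_writable() {
    awk '$1 !~ /^l/ && substr($1, 9, 1) == "w" { sub(/^[^ ]+ +/, ""); print }'
}

# srpm_world_writable SRPM: inspect a source package *before* installing it
# and list the files a root install would create world-writable.
srpm_world_writable() {
    rpm -qp --qf '[%{FILEMODES:perms} %{FILENAMES}\n]' "$1" | filter_world_writable
}

# list_world_writable DIR: regular files under DIR with o+w set
# (DIR would be the SPECS/SOURCES parent, e.g. /usr/src/redhat).
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print
}

# fix_world_writable DIR: clear o+w on those files and print each path fixed.
fix_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} \; -print
}

# Stand-alone use: ./audit.sh /usr/src/redhat   (report only, changes nothing)
if [ $# -gt 0 ]; then
    list_world_writable "$1"
fi
```
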