
Re: [pcp] pcp updates: qa + packaging/configuring

To: Ken McDonell <kenj@xxxxxxxxxxxxxxxx>
Subject: Re: [pcp] pcp updates: qa + packaging/configuring
From: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed, 21 Nov 2012 17:37:38 -0500 (EST)
Cc: pcp@xxxxxxxxxxx
In-reply-to: <1353532374.19208.41.camel@xxxxxxxxxxxxxxxx>
Reply-to: Nathan Scott <nathans@xxxxxxxxxx>
Hi Ken,

----- Original Message -----
> On Thu, 2012-11-22 at 06:22 +1100, Ken McDonell wrote:
> > ...
> > However, there is another BIGGER problem in this area ... the modes of
> > the temporary directories in the debian packages are wrong (it may be the
> > case for other packaging but these are the packages I've been
> > concentrating my diagnosis on).  They should be drwxrwxrwxt but are
> > being packaged and installed as drwxr-xr-x.
> 
> OK some progress.
> 
> It appears to be the debian helper dh_fixperms that is resetting the
> modes (I have proved this using --exclude tmp/pmlogger to
> dh_fixperms).
> 
> So the question is ... did dh_fixperms change recently (google says
> no), or is there some PCP change that has undone or unmasked the way
> this was being "fixed" before?

The difference is we have never installed these directories in the past.
Previously, we created the directories on the fly then changed mode at
some point later.  The recent CVE pointed out this race & we had to do
something about it (more in next mail & hopefully some from David).

> The way to fix it appears to be in the pcp.postinst script ... does
> that seem "right"?

I think that may cause problems with package checking processes (done
by sysadmins), because installed files would be immediately modified
after install which would be odd/questionable in their minds.

This is fixed in dev branch (regression was introduced by me after the
pcp-3.6.10 release too, 1000 apologies!)

>  I'd like to do it there, as I suspect I'm going to
> need a chmod pcp.pcp ... there also.

With the sticky bit set, root.root ownership will be correct, I think.

cheers.

--
Nathan
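
A mode audit a packager could run over the staged package tree after dh_fixperms, or over the installed directories, to catch the reset discussed above. This is an added example, not part of the original message or of PCP's packaging; the directory names are constructed, and the expected mode is the string `ls -ld` prints for a sticky, world-writable directory (1777).

```shell
#!/bin/sh
# Added example: audit temp directories for the sticky, world-writable mode.
# The paths used in demo() are constructed, not PCP's real directories.

# Print the 10-character mode string (e.g. drwxrwxrwt) for a path.
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# Succeed only for a real directory (not a symlink) whose mode is 1777.
is_sticky_tmp() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ "$(mode_of "$1")" = "drwxrwxrwt" ]
}

# Report every directory given; return non-zero if any one fails the check.
audit_tmpdirs() {
    bad=0
    for d in "$@"; do
        if is_sticky_tmp "$d"; then
            echo "OK   $(mode_of "$d") $d"
        else
            echo "BAD  $(mode_of "$d") $d"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed staging tree: one directory left at 0755 (the mode the thread
# reports after dh_fixperms ran) and one at 1777, audited together.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/tmp/demo-reset" "$root/var/tmp/demo-sticky"
    chmod 0755 "$root/var/tmp/demo-reset"
    chmod 1777 "$root/var/tmp/demo-sticky"
    audit_tmpdirs "$root/var/tmp/demo-reset" "$root/var/tmp/demo-sticky"
    rc=$?
    rm -rf "$root"
    return "$rc"
}

demo || echo "audit reported at least one directory with the wrong mode"
```

Run as a late step in the package build, a non-zero return from `audit_tmpdirs` fails the build before a package with the reset modes is produced.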
