Re: www/serf install permissions fix

To: tech-pkg%netbsd.org@localhost
Subject: Re: www/serf install permissions fix
From: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Date: Mon, 3 Apr 2017 09:47:55 -0500

On 03/31, Edgar Fuß wrote:
> > Fix permissions after extraction (but, as you pointed out, there
> > is the security issue with the window of group- and world-writable
> > before the fix-up)?
>
> You could make the work directory temporaribly
> non-{group,world}-searchable.

Good point.  One potential pitfall would be that the work directory
might be left in that state if an error occurs during the extraction
or fix-up such that the work directory is not restored to
{group,world}-searchable.  Is that acceptable?

Is this the preferred solution?  Would someone like to implement the
change?  If not, I could implement it, but I don't want to spend time
doing it if someone else is going to do it or if it's not really the
preferred solution.

Thanks,

Lewis

Follow-Ups:
- Re: www/serf install permissions fix
  - From: Edgar Fuß

References:
- www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Edgar Fuß

Prev by Date: Re: bump req libxcb
Next by Date: Re: www/serf install permissions fix
Previous by Thread: Re: www/serf install permissions fix
Next by Thread: Re: www/serf install permissions fix
Indexes:

Home | Main Index | Thread Index | Old Index