From 7a1004b0b974c2ae9659bbba7b0666f8ba1441b5 Mon Sep 17 00:00:00 2001 From: Frank Lichtenheld Date: Wed, 18 Jan 2006 12:41:11 +0000 Subject: [PATCH] dpkg-source -x now tries to chown all files extracted from tar files. The temporary directory is now created with mode 0700, too. Together this should make it safer to run dpkg-source -x as root. Based on suggestions by Marcus Brinkmann and Colin Watson. Closes: #144571, #238460 --- ChangeLog | 12 ++++++++++-- debian/changelog | 5 +++++ scripts/dpkg-source.pl | 3 ++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9099da28..8d38748c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,15 @@ +2005-10-03 Frank Lichtenheld + + * scripts/dpkg-source.pl: Try to chown files extracted from + a tar file to the uid and gid of the user. This should make + dpkg-source -x safer to use as root. Also create the temporary + directory mode 0700 to not allow anyone exploiting races + between the extraction and the chown. + 2005-08-27 Frank Lichtenheld - * scripts/dpkg-gencontrol: Bail out with an error if parsedep - found an error while parsing a dependency field. + * scripts/dpkg-gencontrol: Bail out with an error if parsedep + found an error while parsing a dependency field. 2005-08-17 Scott James Remnant diff --git a/debian/changelog b/debian/changelog index e42910e4..0606807d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,11 @@ dpkg (1.13.12~) unstable; urgency=low [Frank Lichtenheld] * Let dpkg-gencontrol bail out with an error if parsedep found an error while parsing a dependency field. Closes: #228125 + * dpkg-source -x now tries to chown all files extracted from + tar files. The temporary directory is now created with mode + 0700, too. Together this should make it safer to run + dpkg-source -x as root. Based on suggestions by Marcus + Brinkmann and Colin Watson. Closes: #144571, #238460 -- 
diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl index 7548379f..6798b215 100755 --- a/scripts/dpkg-source.pl +++ b/scripts/dpkg-source.pl @@ -642,10 +642,11 @@ if ($opmode eq 'build') { my $tmp = "$target.tmp-nest"; (my $t = $target) =~ s!.*/!!; - mkdir($tmp,0755) || &syserr("unable to create `$tmp'"); + mkdir($tmp,0700) || &syserr("unable to create `$tmp'"); system "chmod", "g-s", $tmp; print("$progname: unpacking $tarfile\n"); extracttar("$dscdir/$tarfile",$tmp,$t); + system "chown", '-R', '-f', join(':',@fowner), "$tmp/$t"; rename("$tmp/$t",$target) || &syserr("unable to rename `$tmp/$t' to `$target'"); rmdir($tmp) -- 2.39.5
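Review bot: The exit status of the added `chown` call is discarded and `-f` hides most of its messages, so if it fails the tree is still renamed into `$target` with whatever uids and gids the tarball carried, which is the case this commit wants to prevent when running as root. Checking the result keeps the step best-effort but makes a failure visible, e.g. `system("chown", '-R', '-f', join(':',@fowner), "$tmp/$t") == 0 || warn "$progname: chown of $tmp/$t failed\n";`. Because the tree comes from an untrusted archive, I would also pass `-h` and `-P` so that symlinks are changed themselves and never followed; POSIX leaves the default unspecified for a bare `-R`. `@fowner` is set outside this hunk and the enclosing `if` block starts and ends outside it, so how the owner is derived could not be checked here.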