You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@serf.apache.org by "J. Lewis Muir (JIRA)" <ji...@apache.org> on 2017/04/05 15:54:41 UTC
[jira] [Created] (SERF-181) Source tarball file modes are group- and world-writable

J. Lewis Muir created SERF-181:
----------------------------------

             Summary: Source tarball file modes are group- and world-writable
                 Key: SERF-181
                 URL: https://issues.apache.org/jira/browse/SERF-181
             Project: serf
          Issue Type: Bug
    Affects Versions: serf-1.3.9
            Reporter: J. Lewis Muir
            Priority: Minor


The modes of the files in the serf-1.3.9.tar.bz2 source tarball are all group- and world-writable.  This is problematic if the tarball is extracted as root since many tar implementations will preserve the file modes even without the {{-p}} option, thus creating files that are group- and world-writable.  It would be better if the file modes were not group- and world-writable in the tarball.

{noformat}
% tar tjvf serf-1.3.9.tar.bz2
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/
-rw-rw-rw-  0 bert   bert    14372 Aug 29  2016 serf-1.3.9/CHANGES
-rw-rw-rw-  0 bert   bert    11357 Aug 26  2007 serf-1.3.9/LICENSE
-rw-rw-rw-  0 bert   bert      287 Sep 17  2015 serf-1.3.9/NOTICE
-rw-rw-rw-  0 bert   bert     2842 Sep 17  2015 serf-1.3.9/README
-rw-rw-rw-  0 bert   bert    17388 Sep 17  2015 serf-1.3.9/SConstruct
-rw-rw-rw-  0 bert   bert      520 Oct 17  2015 serf-1.3.9/STATUS
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/auth/
-rw-rw-rw-  0 bert   bert    16390 Sep 17  2015 serf-1.3.9/auth/auth.c
-rw-rw-rw-  0 bert   bert     6570 Sep 17  2015 serf-1.3.9/auth/auth.h
-rw-rw-rw-  0 bert   bert     6020 Sep 17  2015 serf-1.3.9/auth/auth_basic.c
-rw-rw-rw-  0 bert   bert    17883 Sep 17  2015 serf-1.3.9/auth/auth_digest.c
-rw-rw-rw-  0 bert   bert    23808 Sep 17  2015 serf-1.3.9/auth/auth_spnego.c
-rw-rw-rw-  0 bert   bert     4133 Sep 17  2015 serf-1.3.9/auth/auth_spnego.h
-rw-rw-rw-  0 bert   bert     8096 Sep 17  2015 serf-1.3.9/auth/auth_spnego_gss.c
-rw-rw-rw-  0 bert   bert     9296 Sep 17  2015 serf-1.3.9/auth/auth_spnego_sspi.c
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/buckets/
-rw-rw-rw-  0 bert   bert    14119 Sep 17  2015 serf-1.3.9/buckets/aggregate_buckets.c
-rw-rw-rw-  0 bert   bert    12238 Sep 17  2015 serf-1.3.9/buckets/allocator.c
-rw-rw-rw-  0 bert   bert     3371 Sep 17  2015 serf-1.3.9/buckets/barrier_buckets.c
-rw-rw-rw-  0 bert   bert    18434 Sep 17  2015 serf-1.3.9/buckets/buckets.c
-rw-rw-rw-  0 bert   bert    17625 Sep 17  2015 serf-1.3.9/buckets/bwtp_buckets.c
-rw-rw-rw-  0 bert   bert     7227 Sep 17  2015 serf-1.3.9/buckets/chunk_buckets.c
-rw-rw-rw-  0 bert   bert     6547 Sep 17  2015 serf-1.3.9/buckets/dechunk_buckets.c
-rw-rw-rw-  0 bert   bert    14904 Sep 17  2015 serf-1.3.9/buckets/deflate_buckets.c
-rw-rw-rw-  0 bert   bert     3939 Sep 17  2015 serf-1.3.9/buckets/file_buckets.c
-rw-rw-rw-  0 bert   bert    13282 Sep 17  2015 serf-1.3.9/buckets/headers_buckets.c
-rw-rw-rw-  0 bert   bert     5250 Sep 17  2015 serf-1.3.9/buckets/iovec_buckets.c
-rw-rw-rw-  0 bert   bert     3798 Sep 17  2015 serf-1.3.9/buckets/limit_buckets.c
-rw-rw-rw-  0 bert   bert     3900 Sep 17  2015 serf-1.3.9/buckets/mmap_buckets.c
-rw-rw-rw-  0 bert   bert     7747 Sep 17  2015 serf-1.3.9/buckets/request_buckets.c
-rw-rw-rw-  0 bert   bert     4223 Sep 17  2015 serf-1.3.9/buckets/response_body_buckets.c
-rw-rw-rw-  0 bert   bert    16027 Sep 17  2015 serf-1.3.9/buckets/response_buckets.c
-rw-rw-rw-  0 bert   bert     4686 Sep 17  2015 serf-1.3.9/buckets/simple_buckets.c
-rw-rw-rw-  0 bert   bert     3957 Sep 17  2015 serf-1.3.9/buckets/socket_buckets.c
-rw-rw-rw-  0 bert   bert    60398 Jun 30  2016 serf-1.3.9/buckets/ssl_buckets.c
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/build/
-rwxrwxrwx  0 bert   bert     2206 Sep 17  2015 serf-1.3.9/build/check.py
-rwxrwxrwx  0 bert   bert     2694 Sep 17  2015 serf-1.3.9/build/gen_def.py
-rw-rw-rw-  0 bert   bert      318 Oct  4  2013 serf-1.3.9/build/serf.pc.in
-rw-rw-rw-  0 bert   bert    11892 Oct 17  2015 serf-1.3.9/context.c
-rw-rw-rw-  0 bert   bert     5880 Aug 26  2007 serf-1.3.9/design-guide.txt
-rw-rw-rw-  0 bert   bert     4380 Sep 17  2015 serf-1.3.9/incoming.c
-rw-rw-rw-  0 bert   bert    58625 Oct 17  2015 serf-1.3.9/outgoing.c
-rw-rw-rw-  0 bert   bert    39346 Sep 17  2015 serf-1.3.9/serf.h
-rw-rw-rw-  0 bert   bert    21225 Sep 17  2015 serf-1.3.9/serf_bucket_types.h
-rw-rw-rw-  0 bert   bert     8787 Sep 17  2015 serf-1.3.9/serf_bucket_util.h
-rw-rw-rw-  0 bert   bert    15934 Sep 17  2015 serf-1.3.9/serf_private.h
-rw-rw-rw-  0 bert   bert     7291 Sep 17  2015 serf-1.3.9/ssltunnel.c
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/test/
-rw-rw-rw-  0 bert   bert     7485 Oct 12  2008 serf-1.3.9/test/CuTest-README.txt
-rw-rw-rw-  0 bert   bert    11273 Oct  4  2013 serf-1.3.9/test/CuTest.c
-rw-rw-rw-  0 bert   bert     6409 Jul 21  2013 serf-1.3.9/test/CuTest.h
-rw-rw-rw-  0 bert   bert    11135 Sep 17  2015 serf-1.3.9/test/mock_buckets.c
-rw-rw-rw-  0 bert   bert    20061 Sep 17  2015 serf-1.3.9/test/serf_bwtp.c
-rw-rw-rw-  0 bert   bert    21439 Sep 17  2015 serf-1.3.9/test/serf_get.c
-rw-rw-rw-  0 bert   bert     2521 Sep 17  2015 serf-1.3.9/test/serf_request.c
-rw-rw-rw-  0 bert   bert     4683 Sep 17  2015 serf-1.3.9/test/serf_response.c
-rw-rw-rw-  0 bert   bert     4120 Sep 17  2015 serf-1.3.9/test/serf_server.c
-rw-rw-rw-  0 bert   bert    25059 Sep 17  2015 serf-1.3.9/test/serf_spider.c
-rw-rw-rw-  0 bert   bert     3656 Mar 21  2008 serf-1.3.9/test/serftestca.pem
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/test/server/
-rw-rw-rw-  0 bert   bert     1489 Jun 30  2016 serf-1.3.9/test/server/serfcacert.pem
-rw-rw-rw-  0 bert   bert     3677 Jun 30  2016 serf-1.3.9/test/server/serfclientcert.p12
-rw-rw-rw-  0 bert   bert     1505 Jun 30  2016 serf-1.3.9/test/server/serfrootcacert.pem
-rw-rw-rw-  0 bert   bert     1371 Jun 30  2016 serf-1.3.9/test/server/serfserver_expired_cert.pem
-rw-rw-rw-  0 bert   bert     1371 Jun 30  2016 serf-1.3.9/test/server/serfserver_future_cert.pem
-rw-rw-rw-  0 bert   bert     1371 Jun 30  2016 serf-1.3.9/test/server/serfservercert.pem
-rw-rw-rw-  0 bert   bert     1834 Jun 30  2016 serf-1.3.9/test/server/serfserverkey.pem
-rw-rw-rw-  0 bert   bert    21996 Sep 17  2015 serf-1.3.9/test/server/test_server.c
-rw-rw-rw-  0 bert   bert     5259 Sep 17  2015 serf-1.3.9/test/server/test_server.h
-rw-rw-rw-  0 bert   bert    13854 Jun 30  2016 serf-1.3.9/test/server/test_sslserver.c
-rw-rw-rw-  0 bert   bert     3217 Sep 17  2015 serf-1.3.9/test/test_all.c
-rw-rw-rw-  0 bert   bert    23992 Sep 17  2015 serf-1.3.9/test/test_auth.c
-rw-rw-rw-  0 bert   bert    58829 Sep 17  2015 serf-1.3.9/test/test_buckets.c
-rw-rw-rw-  0 bert   bert    86012 Sep 17  2015 serf-1.3.9/test/test_context.c
-rw-rw-rw-  0 bert   bert    10811 Sep 17  2015 serf-1.3.9/test/test_serf.h
-rw-rw-rw-  0 bert   bert    10622 Sep 17  2015 serf-1.3.9/test/test_ssl.c
-rw-rw-rw-  0 bert   bert    21513 Sep 17  2015 serf-1.3.9/test/test_util.c
drwxrwxrwx  0 bert   bert        0 Aug 29  2016 serf-1.3.9/test/testcases/
-rw-rw-rw-  0 bert   bert      258 Sep  4  2004 serf-1.3.9/test/testcases/chunked-empty.response
-rw-rw-rw-  0 bert   bert      131 Sep  8  2004 serf-1.3.9/test/testcases/chunked-trailers.response
-rw-rw-rw-  0 bert   bert      114 Sep  8  2004 serf-1.3.9/test/testcases/chunked.response
-rw-rw-rw-  0 bert   bert      639 Sep  8  2004 serf-1.3.9/test/testcases/deflate.response
-rw-rw-rw-  0 bert   bert       16 Mar 29  2005 serf-1.3.9/test/testcases/simple.request
-rw-rw-rw-  0 bert   bert      845 Sep  4  2004 serf-1.3.9/test/testcases/simple.response
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)