You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Dennis Lundberg (JIRA)" <ji...@codehaus.org> on 2012/11/05 17:42:13 UTC
[jira] (MASSEMBLY-580) dependencySet ignores directoryMode
descriptor
[ https://jira.codehaus.org/browse/MASSEMBLY-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dennis Lundberg updated MASSEMBLY-580:
--------------------------------------
Component/s: dependencySet
Description:
Despite having set the directoryMode for the dependencySet the permissions are ignored and the folder is set to 777 which poses as a possible security risk. Please find attached project which can be used to create the test zip containing the folder with incorrect permissions.
{noformat}
$ unzip project-deploy.zip
Archive: project-deploy.zip
creating: webapps/
inflating: webapps/commons-fileupload.jar
$ ls -lah
total 92K
drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:26 .
drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:25 ..
drwxr-xr-x 2 johno sulake 4.0K Oct 27 20:25 archive-tmp
-rw-r--r-- 1 johno sulake 51K Oct 27 20:25 project-deploy.zip
drwxrwxrwx 2 johno sulake 4.0K Oct 27 20:25 webapps
{noformat}
Thanks in advance!
was:
Despite having set the directoryMode for the dependencySet the permissions are ignored and the folder is set to 777 which poses as a possible security risk. Please find attached project which can be used to create the test zip containing the folder with incorrect permissions.
$ unzip project-deploy.zip
Archive: project-deploy.zip
creating: webapps/
inflating: webapps/commons-fileupload.jar
$ ls -lah
total 92K
drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:26 .
drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:25 ..
drwxr-xr-x 2 johno sulake 4.0K Oct 27 20:25 archive-tmp
-rw-r--r-- 1 johno sulake 51K Oct 27 20:25 project-deploy.zip
drwxrwxrwx 2 johno sulake 4.0K Oct 27 20:25 webapps
Thanks in advance!
> dependencySet ignores directoryMode descriptor
> ----------------------------------------------
>
> Key: MASSEMBLY-580
> URL: https://jira.codehaus.org/browse/MASSEMBLY-580
> Project: Maven 2.x Assembly Plugin
> Issue Type: Bug
> Components: dependencySet
> Affects Versions: 2.2.1
> Reporter: Johno Crawford
> Attachments: directoryModeIgnored.zip
>
>
> Despite having set the directoryMode for the dependencySet the permissions are ignored and the folder is set to 777 which poses as a possible security risk. Please find attached project which can be used to create the test zip containing the folder with incorrect permissions.
> {noformat}
> $ unzip project-deploy.zip
> Archive: project-deploy.zip
> creating: webapps/
> inflating: webapps/commons-fileupload.jar
> $ ls -lah
> total 92K
> drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:26 .
> drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:25 ..
> drwxr-xr-x 2 johno sulake 4.0K Oct 27 20:25 archive-tmp
> -rw-r--r-- 1 johno sulake 51K Oct 27 20:25 project-deploy.zip
> drwxrwxrwx 2 johno sulake 4.0K Oct 27 20:25 webapps
> {noformat}
> Thanks in advance!
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira