You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Max Bowsher (JIRA)" <ji...@codehaus.org> on 2009/12/09 15:45:56 UTC

[jira] Commented: (MASSEMBLY-449) Permissions on directories in a zipped archive incorrect

    [ http://jira.codehaus.org/browse/MASSEMBLY-449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=201889#action_201889 ] 

Max Bowsher commented on MASSEMBLY-449:
---------------------------------------

I confirm that the directory permission defaults have become excessively insecure in 2.2-beta-4, and that it happens with tar packaging as well as zip.

> Permissions on directories in a zipped archive incorrect
> --------------------------------------------------------
>
>                 Key: MASSEMBLY-449
>                 URL: http://jira.codehaus.org/browse/MASSEMBLY-449
>             Project: Maven 2.x Assembly Plugin
>          Issue Type: Bug
>    Affects Versions: 2.2-beta-4
>            Reporter: James Kavanagh
>
> Using the following assembly plugin:
> {code:xml}
> <assembly>
>     <id>target-packaged</id>
>     <formats>
>         <format>zip</format>
>     </formats>
>     <includeBaseDirectory>false</includeBaseDirectory>
>     <moduleSets>
>         <moduleSet>
>             <includes>
>                 <include>*:core-env</include>
>             </includes>
>             <binaries>
>                 <attachmentClassifier>env</attachmentClassifier>
>                 <includeDependencies>false</includeDependencies>
>                 <unpack>true</unpack>
>             </binaries>
>         </moduleSet>
>         <moduleSet>
>             <includes>
>                 <include>*:data-bridge</include>
>             </includes>
>             <binaries>
>                 <attachmentClassifier>target</attachmentClassifier>
>                 <includeDependencies>false</includeDependencies>
>                 <unpack>true</unpack>
>             </binaries>
>         </moduleSet>
>         <moduleSet>
>             <includes>
>                 <include>*:web</include>
>             </includes>
>             <binaries>
>                 <attachmentClassifier>web</attachmentClassifier>
>                 <includeDependencies>false</includeDependencies>
>                 <unpack>true</unpack>
>             </binaries>
>         </moduleSet>
>     </moduleSets>
> </assembly>
> {code}
> When unzipping the result on a Linux host all the directory permissions have been set to 777.
> If I revert the plugin version to 2.2-beta-3 the issue goes away.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira