You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Max Bowsher (JIRA)" <ji...@codehaus.org> on 2009/12/09 15:45:56 UTC
[jira] Commented: (MASSEMBLY-449) Permissions on directories in a
zipped archive incorrect
[ http://jira.codehaus.org/browse/MASSEMBLY-449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=201889#action_201889 ]
Max Bowsher commented on MASSEMBLY-449:
---------------------------------------
I confirm that the directory permission defaults have become excessively insecure in 2.2-beta-4, and that it happens with tar packaging as well as zip.
> Permissions on directories in a zipped archive incorrect
> --------------------------------------------------------
>
> Key: MASSEMBLY-449
> URL: http://jira.codehaus.org/browse/MASSEMBLY-449
> Project: Maven 2.x Assembly Plugin
> Issue Type: Bug
> Affects Versions: 2.2-beta-4
> Reporter: James Kavanagh
>
> Using the following assembly plugin:
> {code:xml}
> <assembly>
> <id>target-packaged</id>
> <formats>
> <format>zip</format>
> </formats>
> <includeBaseDirectory>false</includeBaseDirectory>
> <moduleSets>
> <moduleSet>
> <includes>
> <include>*:core-env</include>
> </includes>
> <binaries>
> <attachmentClassifier>env</attachmentClassifier>
> <includeDependencies>false</includeDependencies>
> <unpack>true</unpack>
> </binaries>
> </moduleSet>
> <moduleSet>
> <includes>
> <include>*:data-bridge</include>
> </includes>
> <binaries>
> <attachmentClassifier>target</attachmentClassifier>
> <includeDependencies>false</includeDependencies>
> <unpack>true</unpack>
> </binaries>
> </moduleSet>
> <moduleSet>
> <includes>
> <include>*:web</include>
> </includes>
> <binaries>
> <attachmentClassifier>web</attachmentClassifier>
> <includeDependencies>false</includeDependencies>
> <unpack>true</unpack>
> </binaries>
> </moduleSet>
> </moduleSets>
> </assembly>
> {code}
> When unzipping the result on a Linux host all the directory permissions have been set to 777.
> If I revert the plugin version to 2.2-beta-3 the issue goes away.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira