3727 – ebuild creates files from .tar.gz archives with wrong permissions

Bug 3727 - ebuild creates files from .tar.gz archives with wrong permissions

Summary: ebuild creates files from .tar.gz archives with wrong permissions

Status:	RESOLVED FIXED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Unclassified (show other bugs)
Hardware:	x86 Linux

Importance:	High major (vote)
Assignee:	Daniel Robbins (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-06-14 06:44 UTC by Daniel Ahlberg (RETIRED)
Modified:	2011-10-30 22:20 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Ahlberg (RETIRED) gentoo-dev

2002-06-14 06:44:49 UTC

When ebuild is unpacking a .tar.gz into /var/tmp/portage it for some reasons
sets the wrong permissions on the files. This should be considered a security
risk becuse packages that copies files directly from the unpacked distribution
archives will have the wrong permission set.

Comment 1 Ryan Phillips (RETIRED) gentoo-dev

2002-06-18 19:39:04 UTC

Seems like a -p option for tar or equivalent would be appropriate.

Comment 2 Daniel Robbins (RETIRED) gentoo-dev

2002-06-21 01:07:50 UTC

Archives extracted automatically use the --no-same-owner option, so that we
don't get weird ownership (which is possible since we are extracting the
tarballs as root.)  This is generally a good thing.  If you need the alternate
behavior (preserving ownership, which really you generally don't,) then you can
create a src_unpack which does so:

src_unpack() {
  tar xjvf ${DISTDIR}/myarchive.tar.bz2 -C ${WORKDIR}

}

I don't see this as a bug, so I'm going to close this report.