Bug 3727

Summary:	ebuild creates files from .tar.gz archives with wrong permissions
Product:	Portage Development	Reporter:	Daniel Ahlberg (RETIRED) <aliz>
Component:	Unclassified	Assignee:	Daniel Robbins (RETIRED) <drobbins>
Status:	RESOLVED FIXED
Severity:	major	CC:	aliz, rphillips
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Daniel Ahlberg (RETIRED) gentoo-dev

2002-06-14 06:44:49 UTC

When ebuild is unpacking a .tar.gz into /var/tmp/portage it for some reasons
sets the wrong permissions on the files. This should be considered a security
risk becuse packages that copies files directly from the unpacked distribution
archives will have the wrong permission set.

Comment 1 Ryan Phillips (RETIRED) gentoo-dev

2002-06-18 19:39:04 UTC

Seems like a -p option for tar or equivalent would be appropriate.

Comment 2 Daniel Robbins (RETIRED) gentoo-dev

2002-06-21 01:07:50 UTC

Archives extracted automatically use the --no-same-owner option, so that we
don't get weird ownership (which is possible since we are extracting the
tarballs as root.)  This is generally a good thing.  If you need the alternate
behavior (preserving ownership, which really you generally don't,) then you can
create a src_unpack which does so:

src_unpack() {
  tar xjvf ${DISTDIR}/myarchive.tar.bz2 -C ${WORKDIR}

}

I don't see this as a bug, so I'm going to close this report.