http://bugs.gentoo.org/295357 From b1c42762931e9cd03aee3e4b4284dc2920c9eabc Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Tue, 1 Dec 2009 22:48:15 +0100 Subject: [PATCH 1/1] do not put world-writable directories in distribution tarballs * lib/am/distdir.am (distdir): Do not make all directories group- or world-writable. Instead, use 755. Signed-off-by: Ralf Wildenhues --- Makefile.in | 3 ++- lib/am/distdir.am | 9 +++------ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/Makefile.in b/Makefile.in index ebbfd2f..76991db 100644 --- a/Makefile.in +++ b/Makefile.in @@ -379,7 +379,8 @@ distdir: $(DISTFILES) $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="${top_distdir}" distdir="$(distdir)" \ dist-info - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + -find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ diff --git a/lib/am/distdir.am b/lib/am/distdir.am index e808966..0a01c4e 100644 --- a/lib/am/distdir.am +++ b/lib/am/distdir.am @@ -127,11 +127,7 @@ if %?DIST-TARGETS% endif %?DIST-TARGETS% ## ## This complex find command will try to avoid changing the modes of -## links into the source tree, in case they're hard-linked. It will -## also make directories writable by everybody, because some -## brain-dead tar implementations change ownership and permissions of -## a directory before extracting the files, thus becoming unable to -## extract them. +## links into the source tree, in case they're hard-linked. ## ## Ignore return result from chmod, because it might give an error ## if we chmod a symlink. @@ -144,7 +140,8 @@ endif %?DIST-TARGETS% ## the file in place in the source tree. ## if %?TOPDIR_P% - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + -find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ -- 1.6.5.4