| Summary: | some rpm provide doc files with restricted permissions (only root can read them) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Philippe Didier <philippedidier> |
| Component: | RPM Packages | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | enhancement | ||
| Priority: | Low | CC: | guillomovitch, n54, zen25000 |
| Version: | Cauldron | Keywords: | Junior_job |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
| Bug Depends on: | 2156, 3052, 3054, 3055, 3330 | ||
| Bug Blocks: | |||
|
Description
Philippe Didier
2011-10-15 01:00:15 CEST
Philippe Didier
2011-10-15 01:00:28 CEST
Depends on:
(none) =>
3052
Philippe Didier
2011-10-15 01:01:42 CEST
Keywords:
(none) =>
Junior_job
Philippe Didier
2011-10-15 01:19:08 CEST
Depends on:
(none) =>
3054
Philippe Didier
2011-10-15 01:42:26 CEST
Depends on:
(none) =>
3055 Additional list : SRPM : doc file with read permission for root only lockdev : /usr/share/doc/liblockdev1/LSB.991201 python-feedparser : /usr/share/doc/python-feedparser/LICENSE & README tcb : /usr/share/doc/tcb/LICENSE libgd2 : /usr/share/doc/libgd2/README.TXT perl-DBI : /usr/share/doc/perl-DBI/META.yml readline : /usr/share/doc/libreadline-devel/examples/rlfe/Changelog quota : /usr/share/doc/quota/ldap-scripts/setquota-ldap.pl Need to write a bug report for each of them ? Or may we ask an apprentice to look at them all ?
Kamil Rytarowski
2011-11-13 21:21:00 CET
Depends on:
(none) =>
3330 (In reply to comment #3) > Additional list : > SRPM : doc file with read permission for root only > > lockdev : /usr/share/doc/liblockdev1/LSB.991201 > python-feedparser : /usr/share/doc/python-feedparser/LICENSE & README > tcb : /usr/share/doc/tcb/LICENSE > libgd2 : /usr/share/doc/libgd2/README.TXT > perl-DBI : /usr/share/doc/perl-DBI/META.yml > readline : /usr/share/doc/libreadline-devel/examples/rlfe/Changelog > quota : /usr/share/doc/quota/ldap-scripts/setquota-ldap.pl > > Need to write a bug report for each of them ? > Or may we ask an apprentice to look at them all ? I can work my way through these. They need fixing in mga1 as well as mga2, should I also push fixes to 1/updates_testing? CC:
(none) =>
zen25000 Update :- lockdev fixed python-feedparser was already fixed tcb fixed Update :- gd fixed Note: I am fixing these in Cauldron. Update : perl-DBI fixed Currently, neither readline nor quota will build in Cauldron but I am working on them.
Barry Jackson
2011-12-14 23:09:26 CET
Depends on:
(none) =>
2156 Update :- readline fixed (In reply to comment #3) Regarding quota - is there really an issue? Does that perl script really need to be changed? (it's 600 ATM) If it is an error and something is broken as a result, then would you please confirm this with more detail - thanks. There is no point shipping root-only files, especially for documentation. Either you ship them with standard permissions (644/755), or you don't ship them at all. And there is no use to provide them as update candidates, mainly because this kind of problem doesn't qualify for an update, which are reserved for security issues and heavy problems. CC:
(none) =>
guillomovitch (In reply to comment #10) > There is no point shipping root-only files, especially for documentation. > Either you ship them with standard permissions (644/755), or you don't ship > them at all. > OK > And there is no use to provide them as update candidates, mainly because this > kind of problem doesn't qualify for an update, which are reserved for security > issues and heavy problems. I have quota-4.00 (current in Cauldron is 3.17) ready to commit, however I don't want to commit, if there is no chance of it being pushed due to freeze. There were several patches that needed removing or re-making, this permissions bug is fixed upstream in 4.00. Alternatively I can fix this bug in 3.17 for Cauldron. WDYT? Answered on IRC - fixed in Cauldron for version 3.17. Status:
NEW =>
RESOLVED |