|
Date: Fri, 2 Feb 2024 13:42:24 +1100 From: Tim Cuthbertson <tim@...monk.net> To: Rich Felker <dalias@...c.org> Cc: musl@...ts.openwall.com Subject: Re: Bug: installed symlinks are unreadable on MacOS Ah that makes sense, attached an updated patch. I don't know whether the `umask 077` after making the symlink is strictly necessary but it might avoid nasty surprises later on in the script. Cheers, - Tim On Thu, 1 Feb 2024 at 10:32, Rich Felker <dalias@...c.org> wrote: > On Thu, Feb 01, 2024 at 09:39:56AM +1100, Tim Cuthbertson wrote: > > Yeah, setting it to `chmod 000` in just the symlink branch seems good to > me > > too. > > > > Looking at the script more closely, `mode` is always set and so I'm > unclear > > why there is also a `umask 077` at all. Whatever permissions we create > the > > file with, we `chmod` it explicitly before doing anything else. > > > > Is that line just there to undo the potential change to `umask` in the > > mkdirp branch? If so, maybe that should be done explicitly by capturing > the > > old umask? e.g: > > No, it's so that the install.sh never exposes a file to users who > should not have access to it via the existing umask being more > permissive than the requested install mode. Normally this does not > matter for use as part of musl's install process, but the script is > written to be general and not have security bugs like that. > > Rich > Content of type "text/html" skipped Download attachment "musl-chmod.patch" of type "application/octet-stream" (536 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.