Funky doc perms for util-linux-ng (stock Slackware package)
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Funky doc perms for util-linux-ng (stock Slackware package)
I just realized today that the files under /usr/doc/adjtimex-1.23/, which are from the stock Slackware 12.1 util-linux-ng-2.13.1-i486-1 package have uid and gid 1000!
Could someone with Slackware 12.1 do a quick
Code:
ls -l /usr/doc/adjtimex-1.23/
to let me know if others have this problem. If you do then I need to send a bug report to Pat.
It can happen when a build script is run on source files with non-root perms. If cp -a is used, for instance, instead of cat then you have to manually change the ownership to root.
Edit:
I sent Robby a notice of the problem.
Last edited by shadowsnipes; 10-15-2008 at 01:32 AM.
/usr/doc/adjtimex-1.23 directory permissions are set to 0755 root/root
and the files in this directory are set to 0644 1000/1000
(on my system, slackware 12.1, not current)
Thanks for the report, Phil. I think I recall someone mentioning this before, and my opinion then and now is that it's not really critical at all - it's just docs, so the worst thing that can happen is uid 1000 can edit them. Either way, an updated package isn't justified IMHO.
As for how it happened, oversight on my part - I missed that before I pushed my local repo to Pat, so don't blame him :-)
Thanks for the report, Phil. I think I recall someone mentioning this before, and my opinion then and now is that it's not really critical at all - it's just docs, so the worst thing that can happen is uid 1000 can edit them. Either way, an updated package isn't justified IMHO.
As for how it happened, oversight on my part - I missed that before I pushed my local repo to Pat, so don't blame him :-)
It's easy to do. I actually did it on the whaw SlackBuild I submitted recently and you fixed it for me
The main reason it concerns me is for people running servers and such. A potentially malicious user could fill up / and grind it to a halt. However, seeing as how the uid is 1000 it is unlikely that it will correspond to some random malicious user.
If nothing else, I just wanted people to be aware of this. Perhaps a quick note on the Security mailing list would be worthwhile? Perhaps this thread is enough.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.