Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#32909 - [hplip] world writable directories in /var/log?
Attached to Project:
Arch Linux
Opened by jstjohn (jstjohn) - Friday, 30 November 2012, 00:49 GMT
Last edited by Tom Gundersen (tomegun) - Wednesday, 05 December 2012, 12:43 GMT
Opened by jstjohn (jstjohn) - Friday, 30 November 2012, 00:49 GMT
Last edited by Tom Gundersen (tomegun) - Wednesday, 05 December 2012, 12:43 GMT
|
DetailsDescription: When updating from hplip-3.12.10.a-3 to hplip-3.12.11-1, pacman warned that the permissions differed between the file system and the package for the directory /var/log/hp/ (filesystem: 774 package: 777). /var/log/hp/ is owned by root:lp. The update also created (I think) the world writable subdirectory /var/log/hp/tmp/.
This is probably an upstream bug because there is nothing in the PKGBUILD or the latest packaging commit that affects the permissions of /var/log/hp/ and /var/log/hp/tmp/. Additional info: * package version: 3.12.11-1 |
This task depends upon
Comment by Tom Gundersen (tomegun) -
Friday, 30 November 2012, 12:58 GMT
This seems to be intentional (which is of course crazy, but means simply reverting it is not an option): https://bugs.launchpad.net/archlinux/+bug/1016507
Comment by Tom Gundersen (tomegun) -
Friday, 30 November 2012, 14:28 GMT
I'm pushing a new version without the world-writeable bit set. Might be bad, but better than exploits.