FS#32909 - [hplip] world writable directories in /var/log?

Attached to Project: Arch Linux
Opened by jstjohn (jstjohn) - Friday, 30 November 2012, 00:49 GMT
Last edited by Tom Gundersen (tomegun) - Wednesday, 05 December 2012, 12:43 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Andreas Radke (AndyRTR)
Tom Gundersen (tomegun)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description: When updating from hplip-3.12.10.a-3 to hplip-3.12.11-1, pacman warned that the permissions differed between the file system and the package for the directory /var/log/hp/ (filesystem: 774 package: 777). /var/log/hp/ is owned by root:lp. The update also created (I think) the world writable subdirectory /var/log/hp/tmp/.

This is probably an upstream bug because there is nothing in the PKGBUILD or the latest packaging commit that affects the permissions of /var/log/hp/ and /var/log/hp/tmp/.

Additional info:
* package version: 3.12.11-1
This task depends upon

Closed by  Tom Gundersen (tomegun)
Wednesday, 05 December 2012, 12:43 GMT
Reason for closing:  Fixed
Comment by Tom Gundersen (tomegun) - Friday, 30 November 2012, 12:58 GMT
This seems to be intentional (which is of course crazy, but means simply reverting it is not an option): https://bugs.launchpad.net/archlinux/+bug/1016507
Comment by Tom Gundersen (tomegun) - Friday, 30 November 2012, 14:28 GMT
I'm pushing a new version without the world-writeable bit set. Might be bad, but better than exploits.

Loading...