FS#32909 - [hplip] world writable directories in /var/log?
Attached to Project:
Arch Linux
Opened by jstjohn (jstjohn) - Friday, 30 November 2012, 00:49 GMT
Last edited by Tom Gundersen (tomegun) - Wednesday, 05 December 2012, 12:43 GMT
Opened by jstjohn (jstjohn) - Friday, 30 November 2012, 00:49 GMT
Last edited by Tom Gundersen (tomegun) - Wednesday, 05 December 2012, 12:43 GMT
|
Details
Description: When updating from hplip-3.12.10.a-3 to
hplip-3.12.11-1, pacman warned that the permissions differed
between the file system and the package for the directory
/var/log/hp/ (filesystem: 774 package: 777). /var/log/hp/ is
owned by root:lp. The update also created (I think) the
world writable subdirectory /var/log/hp/tmp/.
This is probably an upstream bug because there is nothing in the PKGBUILD or the latest packaging commit that affects the permissions of /var/log/hp/ and /var/log/hp/tmp/. Additional info: * package version: 3.12.11-1 |
This task depends upon
Comment by Tom Gundersen (tomegun) -
Friday, 30 November 2012, 12:58 GMT
Comment by Tom Gundersen (tomegun) -
Friday, 30 November 2012, 14:28 GMT
This seems to be intentional (which is of course crazy, but means
simply reverting it is not an option):
https://bugs.launchpad.net/archlinux/+bug/1016507
I'm pushing a new version without the world-writeable bit set.
Might be bad, but better than exploits.