FS#53016 - [bftpd] Executable installed with wrong permissions

Attached to Project: Arch Linux
Opened by Wilhelm Schuster (wlhlm) - Saturday, 18 February 2017, 22:48 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 21 February 2017, 15:47 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The executable file for the bftpd package is installed with the wrong permissions: 700 instead of 755.

Here is an excerpt from the .MTREE file (from x86_64 package):

./usr/bin/bftpd time=1414707741.215461889 mode=700 size=73352 md5digest=6f3b7690f7c17d9020c382c5dadf6324 sha256digest=d860f1c6ed3a6fe199b9bafcd46106f6a2de663a5427bfa438a8ba1376185a2c

Additional info:
bftpd 4.4-1
This task depends upon

Closed by  Doug Newgard (Scimmia)
Tuesday, 21 February 2017, 15:47 GMT
Reason for closing:  Upstream
Comment by Doug Newgard (Scimmia) - Monday, 20 February 2017, 15:22 GMT
And why is this wrong?
Comment by Wilhelm Schuster (wlhlm) - Monday, 20 February 2017, 16:11 GMT
700 Means that it is impossible for non-root users to run the /usr/bin/bftpd executable. bftpd /can/ be run as non-root, so setting 755 is appropriate here. Also 755 generally seems to be the permissions for executables in /usr/bin as, on my system, everything in /usr/bin (except for bftpd) has 755 permissions.

BTW, /etc/bftpd.conf is installed 600, which is odd as well as the generally configuration files have 644 and the bftpd config file does not include any sensitive information that should be hidden from non-root users.
Comment by Doug Newgard (Scimmia) - Tuesday, 21 February 2017, 15:47 GMT
If it can be run as non-root, I'm not sure why upstream would install it as 700, and those permissions are coming from upstream.

I also don't really have anyone to assign this to.

Loading...