- Fix insecure permissions for directories in distfile build tree. CVE-2009-4029
- Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
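--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -190,11 +190,7 @@ if %?DIST-TARGETS%
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked. It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -207,7 +203,7 @@ endif %?DIST-TARGETS%
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
 ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
@@ -318,7 +314,7 @@ distcheck: dist
 ## Make the new source tree read-only. Distributions ought to work in
 ## this case. However, make the top-level directory writable so we
 ## can make our new subdirs.
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
 mkdir $(distdir)/_build
 mkdir $(distdir)/_inst
 ## Undo the write access.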
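Review bot: The new directory clause under `if %?TOPDIR_P%` only ever adds permission bits, so a directory that already has group or other write set still satisfies `-perm -755`, is skipped, and stays writable by non-owners. Such a directory could come from a permissive umask or from a mode-preserving copy out of the source tree, but the copy step is outside this hunk, so that part is inferred. If the CVE-2009-4029 fix is meant to guarantee that nothing in the dist tree is writable by others, the mode string should also clear those bits, e.g. `chmod u+rwx,go+rx,go-w {}`, with a test that also selects directories carrying any of the `go+w` bits. If leaving them is deliberate in order to honour the builder's umask, a `##` comment next to the `find` should say so. The leading `-` on that recipe line also discards every failure, so a directory whose mode could not be changed goes unreported; the recipe itself begins and ends outside the hunk.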