Package: unzip
Version: 5.52-11
Followup-For: Bug #314832

The current version of unzip has an annoying bug where it creates
files world readable and writable. The user's umask preferences are
ignored.

I have made a small patch which fixes that bug. Note that the old,
broken behavior can still be had by using the -K flag. My patch should
be simple to verify as correct; it merely ANDs the ~umask before
running chmod.

--Ben

--- unix/unix.c.orig 2008-06-25 04:09:33.000000000 -0700
+++ unix/unix.c 2008-06-25 04:47:20.000000000 -0700
@@ -308,15 +308,23 @@
* It's possible that a file in an archive could have one of these bits set
* and, unknown to the person unzipping, could allow others to execute the
* file as the user or group. The new option -K bypasses this check.
+ *
+ * Additionally, this function is now used to make unzip obey the Unix
+ * umask by default. Again, this can be overridden with the -K flag.
*/
static unsigned filtattr(__G__ perms)
__GDEF
unsigned perms;
{
- /* keep setuid/setgid/tacky perms? */
- if (!uO.K_flag)
+ mode_t mask = umask ( 0 );
+ umask(mask);
+
+ /* keep setuid/setgid/tacky perms? ignore umask? */
+ if (!uO.K_flag) {
perms &= ~(S_ISUID | S_ISGID | S_ISVTX);
+ perms &= ~mask; /* Obey the unix umask */
+ }
return (0xffff & perms);
} /* end function filtattr() */
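
Review bot: In the `if (!uO.K_flag)` block, the new `perms &= ~mask;` is gated by the same flag that strips S_ISUID | S_ISGID | S_ISVTX, so a user who passes -K only to get the archive's permissions unmasked also keeps setuid/setgid/sticky bits from the archive. A separate option for ignoring the umask would keep the two decisions independent; if one flag is intended, the -K documentation should state both effects. Also, at the top of filtattr(), `mode_t mask = umask ( 0 );` followed by `umask(mask);` runs on every call and leaves the process umask at 0 between the two calls. Reading the umask once at startup and storing it would remove that window and the repeated calls. Minor style point: `umask ( 0 )` and `umask(mask)` use different spacing on adjacent lines.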
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22 (PREEMPT)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages unzip depends on:
ii libc6 2.7-10 GNU C Library: Shared libraries
unzip recommends no packages.
-- no debconf information