James R. Van Zandt wrote:
> Matt Swift <[EMAIL PROTECTED]> writes:
> ...
> >In the source package, the file ./debian/PVER-elisp.install.in
> >contains the lines:
> >
> >    ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
> >         [...]
> >    LOG=`tempfile`
> >         [...]
> >    $FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
> >         [...]
> >    mv -f $LOG $ELCDIR/install.log
> >
> >The default mode of a file created by "tempfile" is 600 -- this is
> >how the file with the inappropriate mode is first created.
>
> However, I think substituting
>
>       LOG=`tempfile -m 644`
>
> would introduce a security bug.
>
> Instead, I propose that
>
>       chmod 644 $ELCDIR/install.log
>
> should be appended.

What I don't understand is why those .log files have to be created.
The example `install' script in debian-emacs-policy does not create it,
so the most simple way to avoid these files being 600 would be to not
create them at all.
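The sequence quoted above, as an added example that is not part of the original messages or of the package's script: it reports the log's mode while it is still in the temporary directory and again after the move, with and without the proposed `chmod 644`. Assumptions: `mktemp` stands in for Debian's `tempfile`, GNU `stat` is available, and the target directory and log content are constructed stand-ins.

```shell
#!/bin/sh
# Added example; mktemp replaces Debian's tempfile (both create the file
# with mode 600). All paths and log content below are constructed.

# Print the octal permission bits of a file (GNU stat syntax, an assumption).
file_mode() {
    stat -c '%a' "$1"
}

# Reproduce the create / write / move sequence from the quoted script.
# $1 = "chmod" applies the proposed fix after the move; anything else skips it.
# Prints "<mode in temp dir> <mode of installed log>".
install_log_demo() {
    # Stand-in for /usr/share/$FLAVOR/site-lisp/$PACKAGE
    ELCDIR=$(mktemp -d) || return 1
    LOG=$(mktemp) || return 1

    # Stand-in for: $FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
    echo "constructed byte-compile output" >>"$LOG" 2>&1

    # The log is private for as long as it lives in the shared temp directory.
    tmp_mode=$(file_mode "$LOG")

    # mv keeps the permission bits, so the installed log is still 600 here.
    mv -f "$LOG" "$ELCDIR/install.log"

    # Proposed fix: widen the mode only once the file is in its final place.
    if [ "$1" = chmod ]; then
        chmod 644 "$ELCDIR/install.log"
    fi

    final_mode=$(file_mode "$ELCDIR/install.log")
    rm -rf "$ELCDIR"
    echo "$tmp_mode $final_mode"
}

echo "without chmod: $(install_log_demo none)"
echo "with chmod:    $(install_log_demo chmod)"
```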

