[tex-live] Permission bits of installed packages

Zdenek Wagner zdenek.wagner at gmail.com
Thu Mar 12 10:57:38 CET 2015


Hi all,

this is the question of what you think about computer's root and security.
If you think that the root knows what he/she is doing and understands
security, you must honour settings done by the root. If you think that you
are cleverer than the root and you think that security settings made by the
root are not important to you, you can do anything you wish to intrude into
the system. If a tool changes umask without being explicitly asked to do
it, it is not a good feature but quite a dangerous vulnerability.

Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz

2015-03-12 5:39 GMT+01:00 Mohammad Akhlaghi <akhlaghi at gnu.org>:

> On 03/11/2015 11:14 PM, Norbert Preining wrote:
>
>>> Recently I set my umask to 077 (in /etc/profile.d). The next time I
>>>
>> [...]
>>
>>> So I wanted to ask if it is possible to correct the permission bits
>>> (maybe to 755) during installation so the result doesn't depend on
>>> the user's umask?
>>>
>> It is not only the user's umask, but also the one of root. If you don't
>> want this, then you have to make sure that what you put in profile.d/*
>> is proper.
>>
>> Sorry, we will not override permissions that root has set via umask.
>>
>> A simple solution for this is
>> * either install TeX Live as user and not as root (-> no need for sudo)
>> * or give root proper umask, an umask of 077 for root is *very* bad idea
>>
> I understand, I just wanted to say that most other build systems ignore
> the umask, for example here is a build script (after running "make
> install") of a program named astmkprof (which uses GNU Autoconf and GNU
> Automake):
>
>     libtool: install: /usr/bin/install -c astmkprof /usr/local/bin/astmkprof
>      /usr/bin/mkdir -p '/usr/local/etc'
>      /usr/bin/install -c -m 644 astmkprof.conf '/usr/local/etc'
>      /usr/bin/mkdir -p '/usr/local/share/man/man1'
>      /usr/bin/install -c -m 644 astmkprof.1 '/usr/local/share/man/man1'
>
> Before install this was the long listing for astmkprof:
>
>    $ ls -l astmkprof
>    -rwx------ 1 myuserid myuserid 3743200 Mar 12 13:26 astmkprof
>
> After install it is:
>
>    $ ls -l /usr/local/bin/astmkprof
>    -rwxr-xr-x 1 root     root      3743200 Mar 12 13:27 astmkprof
>
> You can see that the GNU Build system (which is widely used by nearly all
> users of GNU/Linux distributions and other OSs) explicitly sets the
> permission bits on install and does not rely on the value of umask (you can
> see that its default is "rwxr-xr-x"). As you can see, it also does this for
> the man page. In fact from the manual of GNU Coreutils, this is the whole
> purpose of the "install" program, otherwise the build script would simply
> have used "cp".
>
> So my question is that while most other components of the operating system
> (which use Autoconf and Automake) don't rely on or ignore the "permissions
> that root has set via umask", why does TeX Live rely on it?
>
> I understand that it might be an internal convention for Texinfo, I just
> don't understand its relevance given that other major programs ignore umask.
>
> Thank you very much,
> Mohammad
>
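
The behaviour discussed in this thread, as an added example that is not part of the original messages: under a given umask, `cp` and `mkdir -p` produce umask-dependent modes, while `install -m` and `install -d -m` set the mode explicitly. It assumes GNU coreutils; all file names are constructed and live in a temporary directory.

```shell
#!/bin/sh
# Added example: compares umask-dependent and explicit-mode installation.
# All paths are constructed inside a throwaway temp directory.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Run the four operations under the given umask and echo the resulting
# modes as "cp=<m> install=<m> mkdir=<m> install_d=<m>".
demo_under_umask() {
    (
        umask "$1"
        work=$(mktemp -d) || exit 1
        trap 'rm -rf "$work"' EXIT
        printf 'sample\n' > "$work/src.conf"      # created subject to umask

        cp "$work/src.conf" "$work/cp.conf"                    # umask applies
        install -c -m 644 "$work/src.conf" "$work/inst.conf"   # explicit mode
        mkdir -p "$work/mkdir/man1"                            # umask applies
        install -d -m 755 "$work/instd/man1"                   # explicit mode

        echo "cp=$(mode_of "$work/cp.conf")" \
             "install=$(mode_of "$work/inst.conf")" \
             "mkdir=$(mode_of "$work/mkdir/man1")" \
             "install_d=$(mode_of "$work/instd/man1")"
    )
}

demo_under_umask 077
demo_under_umask 022
```

Note that the `mkdir -p` steps in the quoted Automake log are the umask-dependent case: a directory newly created that way under umask 077 ends up as 700 even though the files placed in it are 644.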