You wouldn't like your /usr/bin to go 'rw-r--r--', would you? (that line would allow this, if I'm not wrong)
In theory yes but I don't expect any install script to create a directory without execute permission. Nevertheless, if namcap was to check permissions, it would be even better to secure against possible stupid scripts.
You wouldn't like your /usr/bin to go 'rw-r--r--', would you? (that line would allow this, if I'm not wrong)
tar tvzf package.pkg.tar.gz | egrep -v 'rw-r--r--|rwxr-xr-x'
EDIT: And maybe it's a good idea to add this check to namcap.
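A stricter form of the check suggested in this thread, as an added example that is not code from any poster or from namcap: it reads the modes straight from the archive and judges directories and files separately, so a directory at 'rw-r--r--' or 'rwx------' is reported instead of slipping through. The function names, the expected-mode sets and the sample archive are assumptions constructed for illustration.

```python
import io
import stat
import tarfile

# Assumed policy, taken from the modes named in the thread:
# directories must be rwxr-xr-x, regular files rw-r--r-- or rwxr-xr-x.
OK_DIR_MODES = {0o755}
OK_FILE_MODES = {0o644, 0o755}


def unusual_modes(tar):
    """Return (path, mode string) for each entry whose mode is outside the policy."""
    findings = []
    for member in tar:
        perms = stat.S_IMODE(member.mode)
        if member.isdir():
            expected, type_bits = OK_DIR_MODES, stat.S_IFDIR
        elif member.isfile():
            expected, type_bits = OK_FILE_MODES, stat.S_IFREG
        else:
            continue  # symlinks and other types are not judged by mode here
        if perms not in expected:
            findings.append((member.name, stat.filemode(type_bits | perms)))
    return findings


def build_sample_package():
    """Constructed sample: a package tree created under umask 077 (dirs end up 0700)."""
    entries = (
        ("usr", tarfile.DIRTYPE, 0o700),
        ("usr/bin", tarfile.DIRTYPE, 0o700),
        ("var", tarfile.DIRTYPE, 0o755),
        ("usr/bin/tool", tarfile.REGTYPE, 0o755),  # empty placeholder file
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind, mode in entries:
            info = tarfile.TarInfo(name)
            info.type = kind
            info.mode = mode
            tar.addfile(info)
    buf.seek(0)
    return buf


def check_sample():
    """Run the check over the constructed sample and return its findings."""
    with tarfile.open(fileobj=build_sample_package(), mode="r:gz") as tar:
        return unusual_modes(tar)


if __name__ == "__main__":
    for path, mode in check_sample():
        print(mode, path)
```

Directories that legitimately carry other modes (the 'special' dirs mentioned in the thread) will also be listed and need a manual look or an extended policy set.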
The way I fixed it:
Started mc, entered the .pkg.tar.gz, looked at each dir in the archive and manually modified the corresponding dir's permissions on my disk.
Now, I would do it in a 'smarter' way.
1. I would unpack the .pkg.tar.gz to.. let's say /tmp/pkg.
2. "find /tmp/pkg -type d -exec chmod 755 {} \;"
3. move the contents of /tmp/pkg to /
(this does not work for 'special' dirs which don't have 755 permission)
I would have the permissions set back to normal.
I could uninstall the package, fix it and install it back.
Hmm.. it might work only by reinstalling the fixed package...
The install script does a umask 077 before it creates directories. So the directories created in the pkg dir are all chmod'ed 700. The package builds, and out pops the package.
I install it.
*cue explosion sounds*
Apparently all the permissions on the directories that were created are overwritten. That means my /usr, and my /var directories are now all chmod 700. Not good. Any directory that is present in the pkgbuild, gets overwritten by pacman somehow. Permissions are all changed.
Is this a bug, or is it supposed to be that way?
I realized my error, and am now in the process of fixing my system. Thankfully I have a build/test box for this kind of thing..
sudo pacman --noconfirm -Sy `sudo pacman -Q | awk '{print $1" "}' | tr -d "\n"`
Heh. Let's see where the above gets me. If the permissions were overwritten once, maybe they will be again..