Ticket #1227 (new defect)

Opened 1 year ago

Last modified 1 year ago

downloadable tar.gz has the wrong permissions on it's directories

Reported by: lighttpd Assigned to: jan
Priority: normal Milestone: 1.5.0
Component: core Version: 1.4.15
Severity: normal Keywords: security
Cc: Blocking:
Need Feedback:

Description

The downloadable tar.gz of the source of lighttpd 1.4.15 (and 1.4.13) has world writable directories in it. This could be a security flaw on a shared machine as someone could pollute the source before it was built.

Attachments

Change History

06/08/2007 02:37:42 PM changed by Olaf van der Spek

Part of the problem is that you/tar is depending on the permissions in the .tar while there's no need to depend on them.

06/10/2007 08:23:43 AM changed by darix

what umask do you have?

Add/Change #1227 (downloadable tar.gz has the wrong permissions on it's directories)




Change Properties