NetBSD Problem Report #49798
From wiz@yt.nih.at Mon Mar 30 08:57:56 2015
Return-Path: <wiz@yt.nih.at>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id A3549A582D
for <gnats-bugs@gnats.NetBSD.org>; Mon, 30 Mar 2015 08:57:56 +0000 (UTC)
Message-Id: <20150330085619.D737F2AC11D@yt.nih.at>
Date: Mon, 30 Mar 2015 10:56:19 +0200 (CEST)
From: Thomas Klausner <wiz@NetBSD.org>
Reply-To: Thomas Klausner <wiz@NetBSD.org>
To: gnats-bugs@NetBSD.org
Subject: unzip: Infozip compatibility: file permissions
X-Send-Pr-Version: 3.95
>Number: 49798
>Category: bin
>Synopsis: unzip: Infozip compatibility: file permissions
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Mar 30 09:00:00 +0000 2015
>Last-Modified: Mon Mar 30 12:15:01 +0000 2015
>Originator: Thomas Klausner
>Release: NetBSD 7.99.7
>Organization:
Curiosity is the very basis of education and if you tell me that
curiosity killed the cat, I say only that the cat died nobly.
- Arnold Edinborough
>Environment:
Architecture: x86_64
Machine: amd64
>Description:
When unpacking zip files, NetBSD unzip is rather permissive and adds
e.g. executable bits to files. (The code is trying to work around issues
with included directories that don't have the x bit set and corresponding problems
when files should be unpacked there.)
The problem is that this sometimes affects files (not only directories) that
are installed via pkgsrc and then have the wrong permissions, about which
checkperms (i.e., a part of PKG_DEVELOPER=1) complains.
>How-To-Repeat:
Build e.g. security/py-keyring with PKG_DEVELOPER=1. See
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/PKG-INFO: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/SOURCES.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/dependency_links.txt: too small to be a valid executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/entry_points.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/requires.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/top_level.txt: executable bit is set on non-executable file.
Can also be tested directly by unpacking keyring-5.3.zip, the distfile for that
package.
When unpacked with InfoZIP unzip:
# ll keyring-5.3/keyring.egg-info
total 50
drwxrwxr-x 2 wiz users 512 Mar 30 10:54 .
drwxrwxr-x 4 wiz users 512 Mar 30 10:54 ..
-rw-rw-rw- 1 wiz users 35333 Feb 25 12:08 PKG-INFO
-rw-rw-rw- 1 wiz users 1643 Feb 25 12:08 SOURCES.txt
-rw-rw-rw- 1 wiz users 1 Feb 25 12:08 dependency_links.txt
-rw-rw-rw- 1 wiz users 46 Feb 25 12:08 entry_points.txt
-rw-rw-rw- 1 wiz users 37 Feb 25 12:08 requires.txt
-rw-rw-rw- 1 wiz users 8 Feb 25 12:08 top_level.txt
When unpacked with NetBSD unzip:
# ll keyring-5.3/keyring.egg-info
total 50
drwxr-xr-x 2 wiz users 512 Mar 30 10:55 .
drwxr-xr-x 4 wiz users 512 Mar 30 10:55 ..
-rwxrwxr-x 1 wiz users 35333 Feb 25 12:08 PKG-INFO
-rwxrwxr-x 1 wiz users 1643 Feb 25 12:08 SOURCES.txt
-rwxrwxr-x 1 wiz users 1 Feb 25 12:08 dependency_links.txt
-rwxrwxr-x 1 wiz users 46 Feb 25 12:08 entry_points.txt
-rwxrwxr-x 1 wiz users 37 Feb 25 12:08 requires.txt
-rwxrwxr-x 1 wiz users 8 Feb 25 12:08 top_level.txt
>Fix:
Please!
>Audit-Trail:
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/49798: unzip: Infozip compatibility: file permissions
Date: Mon, 30 Mar 2015 11:13:51 +0200
On Mon, Mar 30, 2015 at 09:00:00AM +0000, Thomas Klausner wrote:
> When unpacking zip files, NetBSD unzip is rather permissive and adds
> e.g. executable bits to files. (The code is trying to work around issues
> with included directories that don't have the x bit set and corresponding problems
> when files should be unpacked there.)
That's only for directories and not for files. For files, the frontend uses
whatever is in the zipfile. The backend on the other defaults to 0777
for now, which also makes sense as zip files behave like MSDOS file
systems in that regard...
Joerg
From: Thomas Klausner <wiz@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/49798: unzip: Infozip compatibility: file permissions
Date: Mon, 30 Mar 2015 11:23:10 +0200
On Mon, Mar 30, 2015 at 09:15:00AM +0000, Joerg Sonnenberger wrote:
> That's only for directories and not for files.
Ok.
> For files, the frontend uses
> whatever is in the zipfile. The backend on the other defaults to 0777
> for now, which also makes sense as zip files behave like MSDOS file
> systems in that regard...
The files in the zip file I mention have zip external attributes of
"81B60000". I.e. the higher bytes are, in octal, 100666, which it
seems Infozip unzip expands to "rw-rw-rw-".
Thomas
From: Thomas Klausner <wiz@NetBSD.org>
To: NetBSD bugtracking <gnats-bugs@NetBSD.org>
Cc:
Subject: Re: bin/49798: unzip: Infozip compatibility: file permissions
Date: Mon, 30 Mar 2015 14:11:24 +0200
See also the unfixed FreeBSD PR about the same problem, from 2011:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=162189
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.