conda should respect umask when installing package files (world-writable files) #12829
Labels:
in-progress: issue is actively being worked on
¡security!: used to indicate a security vulnerability
severity::2: critical; broken functionality with an unacceptably complex workaround
source::community: catch-all for issues filed by community members
type::bug: describes erroneous operation, use severity::* to classify the type
What happened?
When packages are downloaded and extracted, their permissions are left as is. This has caused select packages to contain world-writable files. While this is ultimately a packaging issue of sorts (permissions for files in a package should be set correctly during building), we need to guard against these mistakes during installation.
Furthermore, it's reasonable for us to adhere to the user's umask value instead of making assumptions.
Prior discussion: #7227 (comment)
Xref: #7057
Xref: #8200
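One way to apply the user's umask to an already extracted package tree, as an added example that is not conda's code or the reporter's; the function names `current_umask`, `apply_umask` and `demo`, and the sample package layout, are assumptions made for illustration.

```python
# Added illustration, not conda's implementation; all names here are hypothetical.
import os
import stat
import tempfile


def current_umask():
    """Return the process umask; os.umask() can only read it by setting it."""
    mask = os.umask(0)
    os.umask(mask)
    return mask


def apply_umask(root, mask=None):
    """Clear the bits the umask forbids under root; return (path, old, new) changes."""
    if mask is None:
        mask = current_umask()
    changed = []
    # Bottom-up, so a directory is only tightened after its contents were visited.
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # chmod would follow the link and alter its target
            old = stat.S_IMODE(st.st_mode)
            new = old & ~mask
            if new != old:
                os.chmod(path, new)
                changed.append((path, old, new))
    return changed


def demo():
    """Constructed sample: a fake extracted package with world-writable files."""
    modes = {"bin/tool": 0o777, "lib/data.json": 0o666, "README": 0o644}
    with tempfile.TemporaryDirectory() as pkg:
        for rel, mode in modes.items():
            path = os.path.join(pkg, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.chmod(path, mode)
        apply_umask(pkg, mask=0o022)
        return {rel: stat.S_IMODE(os.lstat(os.path.join(pkg, rel)).st_mode)
                for rel in modes}


if __name__ == "__main__":
    for rel, mode in demo().items():
        print(f"{rel}: {mode:04o}")
```

The list returned by `apply_umask` doubles as an audit record of which packaged files arrived with permissions looser than the user's umask allows.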