add umask statement to prevent creation of insecure tmp directories
Dominik Russenberger committed May 19, 2011
1 parent 050d432 commit 842dedf
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions makeself-header.sh
Expand Up @@ -2,6 +2,8 @@ cat << EOF > "$archname"
#!/bin/sh
# This script was generated using Makeself $MS_VERSION
umask 077
CRCsum="$CRCsum"
MD5="$MD5sum"
TMPROOT=\${TMPDIR:=/tmp}
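Review bot: `umask 077` on the first line after the header comment stays in force for every command the generated script runs afterwards, not only for creating the temporary directory under `TMPROOT`, so anything the script writes later is also created without group and other permissions. If the goal is only a private temp directory, confine the umask to that step (for example in a subshell around the directory creation, which is not visible in this hunk) or save the previous value and restore it afterwards. A one-line comment next to `umask 077` stating the intended scope would also help.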

3 comments on commit 842dedf

@approximate

Looks like this umask causes the extracted directory to have 700 permissions. This might be good for the temp directory, but not for the target directory, since ALL files under the temp will have 700 permissions. In effect this does "chmod go-rwx" for all files -- probably not the desired effect.

@grepsedawk
Contributor

Actually having this issue now.
I am trying it with that line removed now. I will let you all know how it goes.
Basis:
Unpack tar, install script installs some stuff then copies to /var/www/html.
Wrong permissions mean no apache.

@grepsedawk
Contributor

Thinking about making a flag to turn this feature off on build.
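
The effect discussed in the comments above, as an added example that is not part of the commit or of Makeself: it compares a script-wide `umask 077` with one confined to the temp-directory creation. The function names, the `selfgz` directory, the `index.html` payload and the caller's umask of 022 are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names); not code from the Makeself project.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed stand-in for the archive payload: one file written at extraction.
extract_payload() {
    : > "$1/index.html"
}

# Behaviour after the commit: umask 077 stays in force for the whole script,
# so the extracted file is created without group/other access as well.
demo_global() (
    umask 022                          # constructed: the invoking user's umask
    work=$(mktemp -d) || exit 1
    umask 077                          # as in the generated header
    mkdir "$work/selfgz" || exit 1
    extract_payload "$work/selfgz"
    echo "$(mode_of "$work/selfgz") $(mode_of "$work/selfgz/index.html")"
    rm -rf "$work"
)

# Alternative: umask 077 confined to a subshell around the mkdir only, so the
# directory is private but extracted files follow the caller's umask.
demo_scoped() (
    umask 022                          # constructed: the invoking user's umask
    work=$(mktemp -d) || exit 1
    ( umask 077 && mkdir "$work/selfgz" ) || exit 1
    extract_payload "$work/selfgz"
    echo "$(mode_of "$work/selfgz") $(mode_of "$work/selfgz/index.html")"
    rm -rf "$work"
)

# Each line prints "<directory mode> <file mode>".
demo_global
demo_scoped
```

With the scoped form the directory is still mode 700, so the file inside it is unreachable by other users until an installer copies it elsewhere, at which point its own mode bits decide who can read it.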
