Commit
Switch to correctMkdir as much as possible to ensure that permissions on directories are correct.
- Loading branch information
There are no files selected for viewing
6 comments
on commit 94227e1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See #19883 for a potential problem with this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is correctMkdir()
? How is that naming convention any better? Why not just name it betterMkdir()
or aksjdfkajsdfkj()
while you're at it, since both of those are equally as terrible at describing what the function does differently than mkdirp
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a quick question: Isn't the problem in the setPermissions function which recursively changes ownership from given path? And somehow /
is passed to that setPermissions function? I'm not seeing how using correctMkDir() at multiple places does prevent this. And the added stats property is in a different code branch than setPermission.
Is there a guide to reproduce the error introduced in 5.7.0
? Is there any testcase?
Now that correctMkDirp is used in multiple places after this commit I'd like to test it a bit more thoroughly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FAIL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@posixpascal #19883 (comment) the original issue seems to have a lot of info, but it seems like any npm command that is 1) prefixed with sudo
and 2) run as a non-root user will change permissions on root directories like /etc and /bin. So spinning up a node docker container, adding a non-root sudo user, and running sudo npm --help
or whatever other command should reproduce the issue on 5.7.0
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When correctMkdir
turn into corruptedMkdir
. 😛
so true :-)