Bug#751138: libscrappy-perl: creates files with crazy access rights
gregor herrmann
gregoa at debian.org
Tue Jun 10 18:43:08 UTC 2014
On Tue, 10 Jun 2014 19:48:45 +0200, Jonas Smedegaard wrote:
> Running this command:
>
> scrappy generate script foo
>
> ...and then inspecting the resulting script file:
>
> ls -la foo.pl
>
> ...results in this:
>
> --w----r-T 1 jonas jonas 856 jun 10 19:38 foo.pl
Heh :)
Seems this happens in lib/Scrappy/Action/Generate.pm:
File::Util->new->write_file(
'file' => "$script_name.pl",
'bitmask' => 644,
'content' => strip tt q{
#!/usr/bin/perl
From File::Util::Manual:
$ftl->write_file(
{
file => '/gotham/city/ballots/Bruce_Wayne.txt',
content => 'Vote for Harvey!',
bitmask => oct 600, # <- secret ballot file permissions
}
);
Attempts to write [string] to [file name] in mode [mode]. If the file does not yet exist it
will be created, and it will be created with a bitmask of [bitmask] if you specify a file
creation bitmask using the 'bitmask' option, otherwise the file will be created with the
default bitmask of oct 777. The bitmask is combined with the current user's umask, whether
you specify a value or not. This is a function of Perl, not File::Util.
Let's try something:
% cat bitmask.pl
#!/usr/bin/perl
use strict;
use warnings;
use File::Util;
File::Util->new->write_file(
'file' => '644.pl',
'bitmask' => 644,
'content' => '644',
);
File::Util->new->write_file(
'file' => 'oct-644.pl',
'bitmask' => oct 644,
'content' => 'oct 644'
);
File::Util->new->write_file(
'file' => '0644.pl',
'bitmask' => 0644,
'content' => '0644'
);
% perl bitmask.pl
% ls -la *644*.pl
-rw-r--r-- 1 gregoa gregoa 4 Jun 10 20:37 0644.pl
--w----r-T 1 gregoa gregoa 3 Jun 10 20:37 644.pl
-rw-r--r-- 1 gregoa gregoa 7 Jun 10 20:37 oct-644.pl
Better :)
> I believe the correct thing would be for the generated file to be
> readable and executable by anyone and writable by user and group - or
> more precisely to use the default access rights and add +x.
"'bitmask' => 644" is used in several places in
lib/Scrappy/Action/Generate.pm; I guess prefixing it with "oct" would
be a good first step; for the .pl file changing it to 755 might also
be an idea ...
Cheers,
gregor, cc'ing Lubo, who's already provided some patches when
preparing the package
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- NP: Cat Stevens: Rubylove
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 928 bytes
Desc: Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20140610/2810a8fe/attachment.sig>
More information about the pkg-perl-maintainers
mailing list