emacs installs a lot of 777 directories

Thu Mar 19 05:16:19 PDT 2009

On Thu, 19 Mar 2009 12:26:06 +0200, Nikos Ntarmos <ntarmos at cs.uoi.gr> wrote:
>On Sun, Mar 15, 2009 at 09:30:44PM +0200, Giorgos Keramidas wrote:
>>On Fri, 6 Mar 2009 23:56:10 +0100 (CET), freebsd001 at pc.jgr.de wrote:
>>> Dear list members,
>>>
>>> I am not only wondering about the permissions of several emacs-related
>>> directories as it has recently been mentioned in this thread, but also
>>> about the ownership of several emacs-related files.
>>
>> This seems to be a local installation glitch.
>>
>>>>find . -not -user root | head -n 3
>>> ./emacs/22.3/etc
>>> ./emacs/22.3/etc/GNUS-NEWS
>>> ./emacs/22.3/etc/fr-drdref.ps
>>>
>>>>find . -not -user root | wc -l
>>>     2643
>
> That's probably due to the fact that emacs uses something along the
> lines of 'tar -chf - ... | tar -xvf - ...' to copy the files, followed
> (in some cases) by a chown to $LOGNAME (or if that is not set, to
> $USERNAME). If you just 'su', LOGNAME remains set to what it was
> before (i.e. nutzer), while 'su -' will clear that out.

Yep, that's exactly what the Emacs build glue does.

One of the directories mentioned in the permission listings of the
thread includes `leim/'.  The source of `emacs/leim/Makefile.in'
installs files with tar and chown:

    240             tar -chf - quail/* ja-dic \
    241                 | (cd ${INSTALLDIR}; umask 0; tar -xvf - && cat > /dev/null) ;\
    ...
    264         find ${INSTALLDIR} -exec chown $${installuser} '{}' ';'

There are probably better ways to install a configurable list of files,
i.e. by using a `manifest' of some sort and piping the list through
xargs to ${INSTALLDIR} and ${INSTALLDATA} macros.  This would require
extensive changes to the vendor source though.  It may be worth the
effort if someone is interested to hack Emacs sources, so anyone
interested in this sort of change to the GNU sources of Emacs should try
taking this up with the `emacs-devel' mailing list.  That's the right
place to discuss potential improvements to Emacs sources, so that all
the other platforms where Emacs works can benefit too :-)

Having said that, fixing the makefiles of Emacs won't really solve the
potential problems of *all* ports when plain `su' is used to install
ports.  So while it it a good idea for someone who wants to start
hacking Emacs code, the general rule of "install only with `su -'" still
applies for every other port in our tree.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20090319/50b4c802/attachment.pgp