Bug#314832: unzip: Patch to add proper Unix umask support

[Ben Wong]

Additional information: I have attempted to submit my patch to the
upstream maintainer at the only public contact address available,
http://www.info-zip.org/zip-bug.html. Sadly, their bug reporting CGI
script appears to have a bug. Every attempt I made was responded to
with the message "Error: Spammer stay away!". :-(

--Ben

On Wed, Jun 25, 2008 at 5:06 AM, Benjamin Wong <[EMAIL PROTECTED]> wrote:
> Package: unzip
> Version: 5.52-11
> Followup-For: Bug #314832
>
>
> The current version of unzip has an annoying bug where it creates
> files world readable and writable. The user's umask preferences are
> ignored.
>
> I have made a small patch which fixes that bug. Note that the old,
> broken behavior can still be had by using the -K flag. My patch should
> be simple to verify as correct; it merely ANDs the ~umask before
> running chmod.
>
> --Ben
>
> --- unix/unix.c.orig    2008-06-25 04:09:33.000000000 -0700
> +++ unix/unix.c 2008-06-25 04:47:20.000000000 -0700
> @@ -308,15 +308,23 @@
>  * It's possible that a file in an archive could have one of these bits set
>  * and, unknown to the person unzipping, could allow others to execute the
>  * file as the user or group.  The new option -K bypasses this check.
> + *
> + * Additionally, this function is now used to make unzip obey the Unix
> + * umask by default. Again, this can be overridden with the -K flag.
>  */
>
>  static unsigned filtattr(__G__ perms)
>     __GDEF
>     unsigned perms;
>  {
> -    /* keep setuid/setgid/tacky perms? */
> -    if (!uO.K_flag)
> +    mode_t mask = umask ( 0 );
> +    umask(mask);
> +
> +    /* keep setuid/setgid/tacky perms? ignore umask? */
> +    if (!uO.K_flag) {
>         perms &= ~(S_ISUID | S_ISGID | S_ISVTX);
> +        perms &= ~mask;                /* Obey the unix umask */
> +    }
>
>     return (0xffff & perms);
>  } /* end function filtattr() */
>
>
>
>
> -- System Information:
> Debian Release: lenny/sid
>  APT prefers testing
>  APT policy: (500, 'testing'), (200, 'unstable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.22 (PREEMPT)
> Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages unzip depends on:
> ii  libc6                         2.7-10     GNU C Library: Shared libraries
>
> unzip recommends no packages.
>
> -- no debconf information
>
>
>



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]