From xemacs-m  Tue Apr  1 16:53:54 1997
Received: from altair.xemacs.org (steve@xemacs.miranova.com [206.190.83.19])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id QAA26027
	for <xemacs-beta@xemacs.org>; Tue, 1 Apr 1997 16:53:52 -0600 (CST)
Received: (from steve@localhost)
	by altair.xemacs.org (8.8.5/8.8.5) id PAA17080;
	Tue, 1 Apr 1997 15:06:27 -0800
Mail-Copies-To: never
To: xemacs-beta@xemacs.org
Subject: Re: A security hole during XEmacs installation
References: <kig7mipznnu.fsf@jagor.srce.hr>
X-Url: http://www.miranova.com/%7Esteve/
X-Face: #!T9!#9s-3o8)*uHlX{Ug[xW7E7Wr!*L46-OxqMu\xz23v|R9q}lH?cRS{rCNe^'[`^sr5"
 f8*@r4ipO6Jl!:Ccq<xoV[Qz2u8<8-+Vwf2gzJ44lf_/y9OaQ`@#Q65{U4/TC)i2`~/M&QI$X>p:9I
 OSS'2{-)-4wBnVeg0S\O4Al@)uC[pD|+
X-Attribution: sb
From: Steven L Baur <steve@miranova.com>
In-Reply-To: Hrvoje Niksic's message of 30 Mar 1997 12:20:37 +0200
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Date: 01 Apr 1997 15:06:25 -0800
Message-ID: <m2raguibri.fsf@altair.xemacs.org>
Lines: 17
X-Mailer: Gnus v5.4.39/XEmacs 20.1(beta11)

Hrvoje Niksic writes:

> When a user (e.g. `hniksic') compiles XEmacs, when root does a
> `make install', many files are left in hniksic's ownership.  This
> includes most (all?) of the lisp/ and etc/ directories.  This means
> that the mentioned user can keep changing the site-wide stuff.
> Looking back, I see that the bug has been there since before 19.14.

> We may wish to fix it for 20.1, though.

Yup.  I hadn't realized this before.  The badness comes from copying
the lisp directories with tar instead of cp (presumably to preserve
time stamps?).  How does one portably say `ignore file ownership' in
tar?  Gnu tar has --same-owner, Solaris has -o, SCO has -p.  Grrr.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.

