do not put world-writable directories in distribution tarballs

* lib/am/distdir.am (distdir): Do not make all directories
group- or world-writable.  Instead, use 755.
* tests/subpkg4.test (test-distdir-is-readable): Check for new,
more restricted permissions.

diff --git a/ChangeLog b/ChangeLog
index 37168e59c4675b653780a1d7929aa0339b5d8754..ca526c80b62e221cc86a324ae727e162563b7ecc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-11-28  Jim Meyering  <meyering@redhat.com>
+
+       do not put world-writable directories in distribution tarballs
+       * lib/am/distdir.am (distdir): Do not make all directories
+       group- or world-writable.  Instead, use 755.
+       * tests/subpkg4.test (test-distdir-is-readable): Check for new,
+       more restricted permissions.
+
 2009-11-29  Karl Berry  <karl@freefriends.org>
 
        Rewrite `gnupload --help' examples.

diff --git a/Makefile.in b/Makefile.in
index 6db5f7d745905b35b188f9c315b7031f1f127291..1e626b1c4d8f5fe305f8af3c5e0901b8d1c5ef29 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -570,7 +570,8 @@ distdir: $(DISTFILES)
          top_distdir="$(top_distdir)" distdir="$(distdir)" \
          dist-hook
        -test -n "$(am__skip_mode_fix)" \
-       || find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+       || find "$(distdir)" -type d ! -perm -755 \
+               -exec chmod u+rwx,go+rx {} \; -o \
          ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \

diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index e3294fbbc9439eb3520f7c52df296ade61936a7e..dcaed5ef063a661026c9582d808d3a5628cdd300 100644 (file)
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -279,11 +279,7 @@ if %?DIST-TARGETS%
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked.  It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -301,7 +297,8 @@ endif %?DIST-TARGETS%
 ##
 if %?TOPDIR_P%
        -test -n "$(am__skip_mode_fix)" \
-       || find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+       || find "$(distdir)" -type d ! -perm -755 \
+               -exec chmod u+rwx,go+rx {} \; -o \
          ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \

diff --git a/tests/subpkg4.test b/tests/subpkg4.test
index 8e8371bae798259cf3042ca23f79bc8080473991..1a6835a917403aadc12d127c03a203a3e26eff01 100755 (executable)
--- a/tests/subpkg4.test
+++ b/tests/subpkg4.test
@@ -24,7 +24,7 @@ set -e
 cat >Makefile.am <<'END'
 SUBDIRS = subpkg
 test-distdir-is-readable:
-       bad_dirs=`find $(distdir) -type d ! -perm -777 -print`; \
+       bad_dirs=`find $(distdir) -type d ! -perm -755 -print`; \
        if test -n "$$bad_dirs"; then \
          echo "directories not permissive: $$bad_dirs" >&2; \
          exit 1; \