[Bug 304453] [NEW] file permissions munged in unison 2.27, please update to 2.32
Launchpad Bug Tracker
304453 at bugs.launchpad.net
Thu Dec 4 17:26:26 UTC 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):
Hardy has unison 2.13.16, and Intrepid has 2.27.57. After upgrading, a
bug occurs that has to do with file permissions. To reproduce the bug:
Create a new directory and a new .prf file that refers to that
directory, with perms = 0. Create a new file in that directory.
Synchronize the file with another machine. The synchronized version of
the file has erroneous permissions -rw------. From discussions with the
author, I think this may actually be a problem that occurs specifically
because of the upgrade from this specific old version (2.13, which dates
back to 2005) to this specific new version (2.27).
Upgrading to unison 2.32.1 fixes the bug.
I've checked the box saying that it's a security vulnerability, because
the bug puts incorrect permissions on files. The behavior I've observed
actually makes the permissions on the file *more* strict than they
should be, but I don't know whether the same bug could also result in
the opposite behavior, making them less strict than they should be,
which would be a security vulnerability. It may depend on the umasks
that are set on the two machines.
** Affects: unison (Ubuntu)
Importance: Undecided
Status: New
--
file permissions munged in unison 2.27, please update to 2.32
https://bugs.launchpad.net/bugs/304453
You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list