You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Original bug ID: 5219 Reporter: selinger Assigned to:@shindere Status: resolved (set by @gasche on 2018-03-29T17:40:06Z) Resolution: fixed Priority: normal Severity: minor Version: 3.12.0 Fixed in version: 4.07.0+dev/beta2/rc1/rc2 Category: configure and build/install Tags: patch Related to:#8361 Monitored by: "Julien Signoles" @hcarty
Bug description
The "make install" target does not set proper file permissions on the installed files. Moreover, there is no easy way to fix the permissions once they are messed up.
Details:
Suppose some user uses umask 0007, and root uses umask 0022. It is normal to compile the program as an ordinary user, and to install it later as root. Therefore, during compilation, files are generated with umask 0007. Since "make install" uses a simple "cp" to copy most files, this umask 0007 is preserved during installation, and root's umask 0022 is not used. The installed files (owned by root) are therefore not readable by non-root users.
Moreover, once installed, an attempt to correct this problem by re-compiling with a different umask will fail. Suppose the user changes her umask to 0022, and re-compiles from a fresh copy of the sources. Now "make install", run as root, will still use "cp", and since the target file already exists, the permissions of the target file, and not the source file, will be used!! Therefore the files will still not be readable.
Moreover, since there is no "make uninstall" target, there is no simple way to find all the installed files and correct their permissions manually.
Solution: the make system should use $(INSTALL) instead of 'cp', 'cp -f', etc.
By default this should be set to INSTALL=install, which will set permissions correctly. It could also be set to a shell script, or to 'cp -f', if an 'install' program is not available at the target system.
Note that there are several versions of install (still). Because of this one should at least have the option to set the path of the install binary in the configure script.
In GODI we added a godi_install program to handle this issue, which always provides a BSD-compatible install. Maybe this is also a way to get here around this difficulty, just add a comparable program to the ocaml distribution.
I believe that my patch uses 'install' in a portable way, that should work on all the systems we support (Linux distributions use the version from GNU coreutiles, Windows seems to use linux-compatible cygwin tools, and OSX and BSDs use a BSD install):
I only use the invocation forms (install files... dir) or (install src dst), which are supported by both GNU install and BSD install
The only option used is -m <mode>, and the modes used by the patch are symbolic modes (u+rw,g+rw,o+r and u+rwx,g+rwx,o+rx), which both tools should support (see https://www.freebsd.org/cgi/man.cgi?query=chmod&sektion=1 for FreeBSD's chmod(1) manpage).
Original bug ID: 5219
Reporter: selinger
Assigned to: @shindere
Status: resolved (set by @gasche on 2018-03-29T17:40:06Z)
Resolution: fixed
Priority: normal
Severity: minor
Version: 3.12.0
Fixed in version: 4.07.0+dev/beta2/rc1/rc2
Category: configure and build/install
Tags: patch
Related to: #8361
Monitored by: "Julien Signoles" @hcarty
Bug description
The "make install" target does not set proper file permissions on the installed files. Moreover, there is no easy way to fix the permissions once they are messed up.
Details:
Suppose some user uses umask 0007, and root uses umask 0022. It is normal to compile the program as an ordinary user, and to install it later as root. Therefore, during compilation, files are generated with umask 0007. Since "make install" uses a simple "cp" to copy most files, this umask 0007 is preserved during installation, and root's umask 0022 is not used. The installed files (owned by root) are therefore not readable by non-root users.
Moreover, once installed, an attempt to correct this problem by re-compiling with a different umask will fail. Suppose the user changes her umask to 0022, and re-compiles from a fresh copy of the sources. Now "make install", run as root, will still use "cp", and since the target file already exists, the permissions of the target file, and not the source file, will be used!! Therefore the files will still not be readable.
Moreover, since there is no "make uninstall" target, there is no simple way to find all the installed files and correct their permissions manually.
Solution: the make system should use $(INSTALL) instead of 'cp', 'cp -f', etc.
By default this should be set to INSTALL=install, which will set permissions correctly. It could also be set to a shell script, or to 'cp -f', if an 'install' program is not available at the target system.
Patch attached.
File attachments
The text was updated successfully, but these errors were encountered: