Issue type
Bug report
Description
obs-websocket-4.8.0-1_amd64.deb (and possibly other/older release packages) contains files with an inappropriate mode (777).
I haven't taken a look at any other packages, but depending on the root cause this could impact other OSes.
This would allow a local low-privilege user of the system to add/replace certain files related to the plugin.
The files should have a more appropriate mode, such as 775.
Steps to reproduce and other useful info
Inspect the .deb file with dpkg -c and observe files with mode 777
% dpkg -c ~/downloads/obs-websocket-4.8.0-1_amd64.deb | awk '$1 ~ /........w./'
drwxrwxrwx root/root 0 2020-05-27 07:56 ./usr/share/
drwxrwxrwx root/root 0 2020-05-27 07:57 ./usr/share/obs/obs-plugins/obs-websocket/
drwxrwxrwx root/root 0 2020-05-27 07:57 ./usr/share/obs/obs-plugins/obs-websocket/locale/
Install the .deb package using dpkg -i. Observe, for any file that didn't already exist on the OS (i.e. except for /usr/share/), the file was created with mode 777.
(I can't show the output of this - I already changed my files to be mode 755)
Technical information
- Operating System : Debian
- OBS Studio version : N/A
- obs-websocket version : 4.8.0-1
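
The check from the reproduction steps as a reusable filter, added here as an example and not part of the original report: it reads `dpkg -c` output, skips symlinks (which always list as `lrwxrwxrwx` and would also match the awk pattern above), and tags sticky directories separately. The function names and the last four lines of the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original report): audit a `dpkg -c` listing
# for entries that any local user could write to.

# Reads a `dpkg -c` listing on stdin and prints one tab-separated line per
# finding: <tag> <mode> <path>.
world_writable_entries() {
    awk '
    {
        mode = $1
        # Symlinks always list as lrwxrwxrwx; the mode is not enforced.
        if (substr(mode, 1, 1) == "l") next
        # Character 9 of the mode string is the write bit for "other".
        if (substr(mode, 9, 1) != "w") next
        tag = "world-writable"
        # t or T in the last position marks the sticky bit (as on /tmp).
        if (substr(mode, 10, 1) ~ /[tT]/) tag = "world-writable-sticky"
        # The path starts at field 6 and may itself contain spaces.
        path = $6
        for (i = 7; i <= NF; i++) path = path " " $i
        print tag "\t" mode "\t" path
    }'
}

# Hypothetical wrapper: audit a package file before installing it.
audit_deb() {
    dpkg -c "$1" | world_writable_entries
}

# Sample listing: the first two lines are from the report above,
# the remaining four are constructed for illustration.
sample_listing() {
    cat <<'EOF'
drwxrwxrwx root/root 0 2020-05-27 07:57 ./usr/share/obs/obs-plugins/obs-websocket/
drwxrwxrwx root/root 0 2020-05-27 07:57 ./usr/share/obs/obs-plugins/obs-websocket/locale/
-rw-r--r-- root/root 1024 2020-05-27 07:57 ./usr/share/doc/example/README
lrwxrwxrwx root/root 0 2020-05-27 07:57 ./usr/lib/libexample.so -> libexample.so.1
drwxrwxrwt root/root 0 2020-05-27 07:57 ./var/spool/example/
-rwxrwxrwx root/root 512 2020-05-27 07:57 ./usr/share/example/my file.txt
EOF
}

sample_listing | world_writable_entries
```

Running `audit_deb` on a downloaded package before `dpkg -i` shows the same findings without unpacking anything onto the system.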