patch-7485479-security.in   [plain text]


--- lib/am/distdir.am.orig	2006-10-15 09:41:08.000000000 -0700
+++ lib/am/distdir.am	2010-10-11 15:36:15.000000000 -0700
@@ -196,11 +196,7 @@
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked.  It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -213,7 +209,7 @@
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \