From: Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org>
To: Bengt Richter <bokr@bokr.com>, 38422@debbugs.gnu.org
Subject: bug#38422: .png files in /gnu/store with executable permissions (555)
Date: Fri, 29 Nov 2019 12:28:26 +0100 [thread overview]
Message-ID: <87r21q9b1h.fsf@nckx> (raw)
In-Reply-To: <87r21r9fn1.fsf@elephly.net>
[-- Attachment #1: Type: text/plain, Size: 3731 bytes --]
Bengt, Ricardo,
I see similar results here with ‘guix install moka-icon-theme’,
and I'm sure the rest of my (and everyone's) store is full of
misperm'd files too. It's kind of generally known.
This seems to be particularly common in Meson packages: for some
reason, Meson installs everything as executable by default.
Bengt Richter 写道:
> Is this zero-day stuff with a nasty somewhere, waiting for
> referencing
> by another nasty, or am I being paranoid?
What's the threat model there? Respectfully, I think you might
be, but maybe I'm naive…
Otherwise I consider this a merely cosmetic issue, but we still
welcome fixes for those!
Checking whether Meson behaves differently on other distributions
would be a good start.
Ricardo Wurmus 写道:
> Bengt Richter <bokr@bokr.com> writes:
>
>> $ find /gnu -type f -perm /111 -iname '*png'|xargs stat -c '%a
>> %A %N'|cut -d '-' -f5,6,7,8|less|uniq -c|less
>> --8<---------------cut
>> here---------------start------------->8---
>> 1 x
>> '/gnu/store/.links/1s94fymqj8xba55rg8xbdni9a215kxsxkddyh2qyb7y6fl7srpng'
>> 1 x
>> '/gnu/store/.links/05dsk06ffdwgjdqgsy03zhnsrcd44yyi8ylk9qyb1a3n89aplpng'
>> 97 x
>> '/gnu/store/jf7i57glqykwgm1k7zb5k8x6f1yd47l8-faba-icon-theme
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdparttopng'
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdtopng'
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/webpng'
>> 1 x
>> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gd2topng'
>> 1 x
>> '/gnu/store/x9c77i6r5fmarslij6ng81awgrxblplm-texlive-bin-20180414/bin/dvipng'
>> 34143 x
>> '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme
>> 1 x
>> '/gnu/store/7mxkdn6cp7x8sac49p2g80qw5j1aavi3-texlive-20180414/bin/dvipng'
>> 62 x
>> '/gnu/store/6d79d8za76pj5f2flhckpmdvdgqhqxaa-docbook-xsl-1.79.1/xml/xsl/docbook
>> 1 x
>> '/gnu/store/azd3rg350gjkgzvzps3s4j3kpz5kxh57-texlive-bin-20180414/bin/dvipng'
>> 1 x
>> '/gnu/store/9w1hi2hr4zczc5jd5r2xmff9zf4gwc1n-texlive-union-49435/bin/dvipng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdparttopng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdtopng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/webpng'
>> 1 x
>> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gd2topng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdparttopng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdtopng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/webpng'
>> 1 x
>> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gd2topng'
>>
>> --8<---------------cut
>> here---------------end--------------->8---
>
> Maybe I’m missing something, but none of the above are PNGs.
> Most of them are executables, others are directories, so having
> them
> executable is expected.
Bengt's clever pipeline tallies the number of executable *png
files in each top-level store directory. It does not include
directories.
It's true that the '*png' above should be replaced with '*.png',
but these /bin files are just the very noisy outliers.
The meat is in:
> 34143 x
> '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme
i.e. 34143 executable '*png' files in that directory alone.
Kind regards,
T G-R
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2019-11-29 11:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-29 7:59 bug#38422: .png files in /gnu/store with executable permissions (555) Bengt Richter
2019-11-29 9:49 ` Ricardo Wurmus
2019-11-29 10:59 ` zimoun
2019-11-29 11:28 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix [this message]
2019-11-29 12:22 ` Bengt Richter
2019-11-29 12:20 ` Mark H Weaver
2019-11-29 15:03 ` Bengt Richter
2019-11-30 4:08 ` Mark H Weaver
2019-11-30 4:24 ` Brett Gilio
2019-11-30 7:45 ` Julien Lepiller
2019-11-30 20:07 ` Bengt Richter
2019-12-02 15:20 ` zimoun
2020-01-22 0:22 ` bug#38422: Bug status? '.png' files with executable permissions zimoun
2020-01-22 2:28 ` Bengt Richter
2020-01-27 19:55 ` zimoun
2020-01-22 0:31 ` bug#38422: zimoun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r21q9b1h.fsf@nckx \
--to=bug-guix@gnu.org \
--cc=38422@debbugs.gnu.org \
--cc=bokr@bokr.com \
--cc=me@tobias.gr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).