Closed ErichRitz closed 11 months ago
Thanks for the report. We will investigate on our end, internally tracked as GODT-3034.
@ErichRitz I have tried to replicate your steps, but I am unable to get the same results on Ubuntu 22.04 LTS.
I have tried with the 3.5.3 and 3.5.4 release files from Github and no SGID bits are set.
Are you sure that you have no local settings that may affect this?
I wondered the same thing and was unable to reproduce with 3.5.1. (Which is how I noticed the behavior.)
Also I must be user root to observe the behavior. Extracting the files as a normal user apparently prevents the bits from being set.
Here's how to reproduce on Ubuntu 16.04 LTS (that's the only Ubuntu I have a VM for at the moment):
erich@ubuntu1604:~$ mkdir tmp1
erich@ubuntu1604:~$ cd tmp1
erich@ubuntu1604:~/tmp1$ ar p ../protonmail-bridge_3.5.3-1_amd64.deb data.tar.gz | sudo tar xz
erich@ubuntu1604:~/tmp1$ ls -la
total 12
drwxr-sr-x 3 root root 4096 Oct 11 01:44 .
drwxr-xr-x 22 erich erich 4096 Oct 20 09:05 ..
drwxr-sr-x 5 root root 4096 Oct 11 01:44 usr
erich@ubuntu1604:~/tmp1$
Observe the "r-s" on the group bits.
Note that if logged in as a normal user the "sudo" must be on the "tar xz" command, not "ar p ...".
@ErichRitz, it seems to me that this is issue stems from you extracting the archive as root. There is nothing we can do in this case.
Several folders incorrectly have the SGID bit set:
Expected Behavior
These folders should not have the SGID bit set.
Current Behavior
Starting with 3.5.3 (and also including 3.6.0), the SGID bit is set. With 3.5.1 it was not.
Possible Solution
Steps to Reproduce
mkdir tmp; cd tmp
ar p ../protonmail-bridge_3.5.3-1_amd64.deb data.tar.gz | tar xz
ls -la
Version Information
3.5.3 (and 3.6.0 as well)
Context (Environment)
I am trying to create a package (for a different OS) from the DEB binary release.
Detailed Description
Possible Implementation