snipsco / snips-issues

Feel free to share your bugs with us.
14 stars 5 forks source link

[Package] Generic ASR model installs with invalid uid/gid #132

Open a1higgins-oss opened 5 years ago

a1higgins-oss commented 5 years ago

What's the issue? sudo apt install snips-asr-model-en-500mb installs with uid 501 and group staff on rpi3

Use Cases Impacted A security/permissions issue

How to reproduce

sudo apt update; sudo apt install snips-asr-model-en-500mb
ls -al /usr/share/snips/snips-asr-model-en-500MB/
total 538956
drwxr-xr-x 2  501 staff      4096 May  8 09:47 .
drwxr-xr-x 8 root root       4096 May  8 09:43 ..
-rw-r--r-- 1  501 staff  34832070 Jun 13  2017 a.snips
-rw-r--r-- 1  501 staff 515643376 Jun 13  2017 b.snips
-rw-r--r-- 1  501 staff   1397374 Jun 13  2017 w.snips

Expected behavior File install should use a known uid/gid.

Version and Environment rpi3 Raspbian GNU/Linux 9 snips-asr-model-en-500mb (0.6.0-alpha.4)

cpoisson commented 5 years ago

Thanks for your feedback @a1higgins-oss,

this issue has been reported internally