After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 790672 - File-roller upon drag-and-drop creates archive with different permissions
File-roller upon drag-and-drop creates archive with different permissions
Status: RESOLVED OBSOLETE
Product: file-roller
Classification: Applications
Component: general
3.16.x
Other Linux
: Normal major
: ---
Assigned To: file-roller-maint
file-roller-maint
Depends on:
Blocks:
 
 
Reported: 2017-11-21 16:20 UTC by d.farhi
Modified: 2020-11-11 19:13 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Video of Fileroller changing perms (809.26 KB, video/mp4)
2017-11-21 16:20 UTC, d.farhi 		Details

Description d.farhi 2017-11-21 16:20:02 UTC 
Created attachment 364129 [details]
Video of Fileroller changing perms

Hello,

Ubuntu Security referred me to file a bug here.

When dragging and dropping a file into a .tar.gz file that has permissions 600 set to it, in the background, a new archive is created with different permissions than the original artifact.

Example:

user@gnu:~/Documents/test$ ls -l
total 11380
-rwxr-xr-x 1 dolev dolev      901 Nov 19 00:28 index.html
-rw------- 1 dolev dolev 11629401 Nov 19 00:39 test.tar.gz

when I drag an drop index.html into test.tar.gz, the following happens

1) a new .tar.gz file (vliv8kxjt2J6BRwz.test.tar.gz) is created while the file is being copied

2) when it's done, the original file gets deleted (test.tar.gz).

3) 'vliv8kxjt2J6BRwz.test.tar.gz' then gets renamed to the original filename 'test.tar.gz', while not preserving the original permissions. I'm guessing it takes umask.

while file was being created:
-rw------- 1 user user      901 Nov 19 00:28 index.html
-rw------- 1 user user 11629401 Nov 19 00:44 test.tar.gz
-rw-rw-r-- 1 user user 10137600 Nov 19 00:47 vliv8kxjt2J6BRwz.test.tar.gz
total 11380

after it's done, notice the permissions changed from 600 to 664:
-rw------- 1 user user      901 Nov 19 00:28 index.html
-rw-rw-r-- 1 user user 11629406 Nov 19 00:47 test.tar.gz
total 11380

Since the user is simply dragging and dropping a file, it's not obvious that the file now has different permissions. also, in shared environments, read permissions to others allows decompressing the archive.

attached is a video for your convenience.
Comment 1 André Klapper 2020-11-11 19:13:31 UTC 
bugzilla.gnome.org is being replaced by gitlab.gnome.org. We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time.

If you still use file-roller and if you still see this bug / want this feature in a currently supported version of GNOME (currently that would be 3.38), then please feel free to report it at https://gitlab.gnome.org/GNOME/file-roller/-/issues/

Thank you for creating this report and we are sorry it could not be implemented (volunteer workforce and time is limited).