OS X installer build script: permissions not ensured

[nicholasriley]

BPO	14299
Nosy	@ronaldoussoren, @ned-deily
Files	perm.patch

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/ned-deily'
closed_at = None
created_at = <Date 2012-03-14.03:21:01.896>
labels = ['OS-mac', 'type-bug']
title = 'OS X installer build script: permissions not ensured'
updated_at = <Date 2013-07-07.19:58:24.509>
user = 'https://bugs.python.org/nicholasriley'

bugs.python.org fields:

activity = <Date 2013-07-07.19:58:24.509>
actor = 'ned.deily'
assignee = 'ned.deily'
closed = False
closed_date = None
closer = None
components = ['macOS']
creation = <Date 2012-03-14.03:21:01.896>
creator = 'nicholas.riley'
dependencies = []
files = ['24837']
hgrepos = []
issue_num = 14299
keywords = ['patch']
message_count = 5.0
messages = ['155716', '192521', '192581', '192583', '192584']
nosy_count = 3.0
nosy_names = ['nicholas.riley', 'ronaldoussoren', 'ned.deily']
pr_nums = []
priority = 'low'
resolution = None
stage = 'patch review'
status = 'open'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue14299'
versions = ['Python 3.3']

[nicholasriley]

The OS X installer build script does not ensure that files had the correct permissions when being packaged; some files' permissions were affected by your umask when running the build script, and others by the permissions of the source tree.

This patch sets the umask, so script-created files get correct permissions, wraps shutil.copy so it does the same thing, and adapts the existing os.walk-based permissions fixer to run over everything else.

It also removes group writability for the Python framework, as this is more secure and consistent with how Apple installs Python in 10.7 and later. If you need to install a Python package without being root, either use virtualenv/pythonv, ~/Library or ~/.local. Ned Deily and I discussed this at the PyCon sprints and he will update the documentation to match.

[ronaldoussoren]

Ned: is this still relevant? On first glance the patch has not been applied yet, but the funtionality may have been added in another form.

Also, I don't agree with the removal of group write-permissions. The current permissions allow users with admin privileges to install new packages without hassle, removing the group write permissions will IMHO just lead to tutorials that tell users to use sudo to install and that would be worse than the current situation.

[nicholasriley]

I don't have time to check it, but it's easy enough to test - set your umask to 077 and try building an installer, see if the files get the correct permissions when installed.

I would hope tutorials would tell users to install the packages somewhere else, but you're probably right - sudo is the path of least resistance and is even less secure.

[ronaldoussoren]

Right. And I'm even more sensitive as usual about that after reading webpage that appearently popular with newbies and explains that you install Python by first removing /System/Library/Frameworks/Python.framework. I still can't understand that the author of that page thought that this would be a good idea (not linking to it to avoid giving it more prominence).

[ned-deily]

Removing the group write permissions on the framework directory would be a significant change in the user interface so I agree that change should not be made until and if we have something better for user installation. The rest of the patch is still valid in the sense that nothing has changed in build-installer.py to ensure permissions (when not using /usr/bin/install). This hasn't been a problem with building python.org installers because of the environment used to build them. The patch is now out-of-date, though, due to subsequent changes to build-installer.py. I'll look at refreshing and applying that part of it in conjunction with other updates in the pipeline.