{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":57069947,"defaultBranch":"master","name":"debpkg","ownerLogin":"xor-gate","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-04-25T19:30:33.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1050166?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1644480383.9059389","currentOid":""},"activityList":{"items":[{"before":"b54eb589c65b1e29ac303fd7e6ad94eb7714c9c9","after":"c38335c73b02f473b53c3c06350f2ed7b5c0d4f4","ref":"refs/heads/master","pushedAt":"2024-04-10T11:59:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"xor-gate","name":"Jerry Jacobs","path":"/xor-gate","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1050166?s=80&v=4"},"commit":{"message":"Update README.md\n\nAdd notes when debugging generated package on debian system","shortMessageHtmlLink":"Update README.md"}},{"before":"0531ad63eb7f5bba0f5054a1c21dd9edf6c3f362","after":"b54eb589c65b1e29ac303fd7e6ad94eb7714c9c9","ref":"refs/heads/master","pushedAt":"2023-12-13T16:38:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"xor-gate","name":"Jerry Jacobs","path":"/xor-gate","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1050166?s=80&v=4"},"commit":{"message":"Let files be owned by root (#33)\n\nAs of the current master, debpkg sets the UID and GID for added files to 0, as expected. The files' original owner *name* is kept as is, though.\r\n\r\nOn Ubuntu 22.04 (and possibly others), this will result in the file being owned by the *original* owner if the username exists on the target system when installing the package.\r\n\r\nThis can become a security issue. 
On a target system with no matching username, binaries owned by root will be installed, and a target with a matching username will install binaries owned by some non-root user, allowing the user to modify system binaries.\r\n\r\nThis change replaces the original owner and group with \"root\".\r\n\r\nAs far as I understand, the Debian Policy Manual says we let all files be owned by root in section 10.9: Permissions and owners.","shortMessageHtmlLink":"Let files be owned by root (#33)"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAELP0DogA","startCursor":null,"endCursor":null}},"title":"Activity · xor-gate/debpkg"}