Raise file conflicts on differing permissions (user, group, mode)

- Two files (or directories) cannot be correctly shared if their
  permissions differ, even if the content is identical: either
  file will end up having wrong permissions, depending on installation
  order. This means a package can among other things silently
  eg relax permissions of eg security sensitive directory (accidentally
  or intentionallY).
- We now require exact match of user, group and entire file mode
  (previously only the file type part of mode was tested)

diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index 42c07db..e6e1fb3 100644 (file)
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -542,13 +542,20 @@ rpmFileTypes rpmfiWhatis(rpm_mode_t mode)
 
 int rpmfiCompareIndex(rpmfi afi, int aix, rpmfi bfi, int bix)
 {
-    rpmFileTypes awhat = rpmfiWhatis(rpmfiFModeIndex(afi, aix));
-    rpmFileTypes bwhat = rpmfiWhatis(rpmfiFModeIndex(bfi, bix));
+    mode_t amode = rpmfiFModeIndex(afi, aix);
+    mode_t bmode = rpmfiFModeIndex(bfi, bix);
+    rpmFileTypes awhat = rpmfiWhatis(amode);
+    rpmFileTypes bwhat = rpmfiWhatis(bmode);
 
     if ((rpmfiFFlagsIndex(afi, aix) & RPMFILE_GHOST) ||
        (rpmfiFFlagsIndex(bfi, bix) & RPMFILE_GHOST)) return 0;
 
-    if (awhat != bwhat) return 1;
+    if (amode != bmode) return 1;
+
+    if (!rstreq(rpmfiFUserIndex(afi, aix), rpmfiFUserIndex(bfi, bix)))
+       return 1;
+    if (!rstreq(rpmfiFGroupIndex(afi, aix), rpmfiFGroupIndex(bfi, bix)))
+       return 1;
 
     if (awhat == LINK) {
        const char * alink = rpmfiFLinkIndex(afi, aix);