From 2c05f5c3860180d7829ac507f0b42a59e8e8e5f4 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Mon, 12 Mar 2012 16:30:44 -0700
Subject: Never create un-listable directories

---
 lib/utils/tar.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/utils/tar.js b/lib/utils/tar.js
index 8ff2b01a6..1666325a5 100644
--- a/lib/utils/tar.js
+++ b/lib/utils/tar.js
@@ -205,6 +205,13 @@ function gunzTarPerm (tarball, tmp, dMode, fMode, uid, gid, cb) {
 
   var fst = fs.createReadStream(tarball)
 
+  function extractEntry (entry) {
+    // never create things that are user-unreadable,
+    // or dirs that are user-un-listable. Only leads to headaches.
+    entry.mode = entry.mode | (entry.type === "Directory" ? dMode : fMode)
+    entry.props.mode = entry.mode
+  }
+
   fst.on("error", log.er(cb, "error reading "+tarball))
   fst.on("data", function OD (c) {
     // detect what it is.
@@ -219,12 +226,14 @@ function gunzTarPerm (tarball, tmp, dMode, fMode, uid, gid, cb) {
         .pipe(zlib.Unzip())
         .on("error", log.er(cb, "unzip error "+tarball))
         .pipe(tar.Extract({ type: "Directory", path: tmp }))
+        .on("entry", extractEntry)
         .on("error", log.er(cb, "untar error "+tarball))
         .on("close", afterUntar)
     } else if (c.toString().match(/^package\//)) {
       // naked tar
       fst
         .pipe(tar.Extract({ type: "Directory", path: tmp }))
+        .on("entry", extractEntry)
         .on("error", log.er(cb, "untar error "+tarball))
         .on("close", afterUntar)
     } else {
-- 
cgit v1.2.3