| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Sep 2006 06:26:23 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: R: Linux kernel source archive vulnerable Kyle Moffett wrote: >On Sep 13, 2006, at 01:34:01, David Wagner wrote: >> So it sounds like git-tar-tree has a bug; its default isn't setting >> meaningful permissions on the files that it puts into the tar archive. >> I hope the maintainers of git-tar-tree will consider fixing this bug. > >Let me reiterate: This is not a bug! I think it is a bug. It sounds like git-tar-tree is storing the wrong set of permissions in the tar archive. When I run "tar cf foo.tar bar", and bar has permissions 0644, then tar inserts an entry into the archive for "bar" with its permissions listed as 0644 (*not* 0666). If "tar cf foo.tar bar" just ignored the permissions on bar and always used a default of 0666 out of laziness, that would be a bug in "tar cf". The same goes for git-tar-tree. It seems to me that git-tar-tree ought to behave the same as "tar cf". In any case, regardless of whether this is by design or not, it is not courteous to your users to distribute tar files where all the files have permissions 0666. That's not a user-friendly to do. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists