[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7389fc4b05080514583061f7fb@mail.gmail.com>
Date: Fri, 5 Aug 2005 22:58:07 +0100
From: Imran Ghory <imranghory@...il.com>
To: Neil McKellar <mckellar@...usplanet.net>,
bugtraq@...urityfocus.com
Subject: Re: tar preserves setuid bit
On 8/5/05, Neil McKellar <mckellar@...usplanet.net> wrote:
> Imran Ghory <imranghory@...il.com> wrote:
> > If running as the root user tar restores the original permissions to
> > extracted files, this includes the setuid bit. No warning is given to
> > the user that this has happened.
>
> From the default man page for tar:
>
> The owner, modification time, and mode are restored (if possible);
>
> This isn't specific to GNU, it's *expected behaviour* for every version of tar.
> In fact, a failure to conform to this behaviour breaks essential functionality
> of tar.
I'm not saying that it shouldn't have the behaviour, rather that it
should warn the user.
Howeber the only reason I posted this "bug" was because a number of
unix/linux vendors have decided that the same issue in unzip (which I
cited earlier : CAN-2005-0602) should be considered a vulnerability
and have issued patches to change the behaviour. Hence they may (or
may not) decide to take similar action with tar,
> What part of 'Tape ARchive' wasn't clear? Would you be happy if your backup and
> restore procedures failed to actually restore files in their original condition?
The number of people who use tar for archival purposes is minimal
compared to those who use it for distribution purposes. Of course you
could argue that misusing an archival tool as a distribution tool is
the source of this potential problem, but the fact is that it is used
for distribution purposes and thus is a potentinal attack vector.
Imran Ghory
Powered by blists - more mailing lists