Message-ID: <200508061622.48207.baikie@ehwhat.freeserve.co.uk>
Date: Sat, 6 Aug 2005 16:22:48 +0100
From: David Watson <baikie@...hat.freeserve.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: GNU tar and the setuid bit

On Friday 05 Aug 2005 12:52 am, Imran Ghory wrote:
> If running as the root user tar restores the original permissions to
> extracted files, this includes the setuid bit. No warning is given to
> the user that this has happened.
>
> The default behaviour of tar under root is not to change ownership of
> the file to root. However owner information is extracted from the tar
> file, so a trivially modified tar file can ensure the owner of the
> extracted files is the root user.
>
> This allows for the creation of arbitrary setuid executables owned by
> the root user if the root user extracts the files from a maliciously
> crafted tar file.

With GNU tar (which you seem to be referring to), using --no-same-permissions
when extracting clears all of the setuid, setgid and sticky bits in addition
to subtracting the umask (undocumented behaviour, but logical enough). It's
advisable to use this along with -o when extracting random archives as root.
(Although as I've just noticed, -o alone will turn any setuid executable into
a setuid-root executable - now that *is* a bug!) Or of course, you could
extract them as someone else ;)
It looks as if they're planning to make --no-same-permissions the default for
root in future, but 'alias tar="tar --no-same-permissions"' does the trick
for now, if you don't mind breaking the old-style option syntax (-p reenables
the full permissions from the archive, of course).

(By the way, -o is broken in version 1.14 at least, but --no-same-owner
works.)
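
Added example, not part of the original message or of GNU tar: a pre-extraction check that lists archive members carrying the setuid, setgid or sticky bits together with the owner uid recorded in the archive, so they can be reviewed before extracting as root. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import stat
import tarfile

# Special mode bits the message says --no-same-permissions clears.
SPECIAL_BITS = {stat.S_ISUID: "setuid", stat.S_ISGID: "setgid", stat.S_ISVTX: "sticky"}


def audit_tar(fileobj):
    """Return (name, uid, mode, [bit names]) for every member with special bits set."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            bits = [label for bit, label in SPECIAL_BITS.items() if member.mode & bit]
            if bits:
                findings.append((member.name, member.uid, oct(member.mode), bits))
    return findings


def strip_special_bits(mode):
    """Clear setuid/setgid/sticky from a mode (the umask is not applied here)."""
    return mode & ~(stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX)


def build_sample():
    """Constructed sample: one ordinary file, one setuid file recorded as uid 0,
    one setgid file recorded as uid 1000."""
    members = (
        ("pkg/README", 0o644, 1000),
        ("pkg/bin/helper", 0o4755, 0),
        ("pkg/bin/group-tool", 0o2755, 1000),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name, mode, uid in members:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.gid, info.size = mode, uid, uid, len(data)
            archive.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, uid, mode, bits in audit_tar(build_sample()):
        owner = "root" if uid == 0 else f"uid {uid}"
        print(f"{name}: {mode} ({', '.join(bits)}), owner in archive: {owner}")
```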