Date: Sun, 7 Aug 2005 00:11:45 +0100
From: David Watson <baikie@...hat.freeserve.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: GNU tar and the setuid bit


On Saturday 06 Aug 2005 4:22 pm, David Watson wrote:
> (By the way, -o is broken in version 1.14 at least, but --no-same-owner
> works.)

Sorry, I just noticed that that last comment was entirely misleading! In all 
versions, using --no-same-owner without --no-same-permissions *will* cause 
the setuid and setgid bits to be preserved even where the owner or group has 
been changed to root (i.e. where a different UID or GID was specified in the 
archive), as will using -o (in 1.15) without --no-same-permissions. The -o 
option is 'broken' in 1.14 (and possibly in earlier versions) in that it 
simply fails to enable the intended behaviour (in fact it enables the exact 
opposite, being equivalent to --same-owner).
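
A pre-extraction check for the case described in the message above, as an added example that is not part of the original post: it lists archive members that carry a setuid or setgid bit while the archived UID or GID is not root, which are the entries that would become setuid/setgid root under the described behaviour. The function names and the sample archive are constructed for illustration.

```python
import io
import stat
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample archive: four members with differing owners and modes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, uid, gid, mode in [
            ("bin/helper", 1000, 1000, 0o4755),  # setuid, archived uid 1000
            ("bin/groupy", 0, 100, 0o2755),      # setgid, archived gid 100
            ("bin/plain", 1000, 1000, 0o755),    # no special bits
            ("bin/rootsuid", 0, 0, 0o4755),      # already setuid root in the archive
        ]:
            info = tarfile.TarInfo(name)
            info.uid, info.gid, info.mode = uid, gid, mode
            data = b"#!/bin/sh\n"
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def risky_members(archive: bytes):
    """Return (name, reason) for regular files whose setuid/setgid bit would
    apply to a different owner or group if root extracted the archive with
    --no-same-owner but without --no-same-permissions."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf.getmembers():
            if not m.isfile():
                continue
            if m.mode & stat.S_ISUID and m.uid != 0:
                findings.append((m.name, f"setuid, archived uid {m.uid}"))
            if m.mode & stat.S_ISGID and m.gid != 0:
                findings.append((m.name, f"setgid, archived gid {m.gid}"))
    return findings


if __name__ == "__main__":
    for name, reason in risky_members(build_sample_archive()):
        print(f"{name}: {reason}")
```

Only the archive headers are read; nothing is extracted to disk.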

