[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.NEB.4.62.0508090846160.632@pilchuck.reedmedia.net>
Date: Tue, 9 Aug 2005 09:12:02 -0700 (PDT)
From: "Jeremy C. Reed" <reed@...dmedia.net>
To: Imran Ghory <imranghory@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: tar preserves setuid bit
On Fri, 5 Aug 2005, Imran Ghory wrote:
> I'm not saying that it shouldn't have the behaviour, rather that it
> should warn the user.
>
> Howeber the only reason I posted this "bug" was because a number of
> unix/linux vendors have decided that the same issue in unzip (which I
> cited earlier : CAN-2005-0602) should be considered a vulnerability
> and have issued patches to change the behaviour. Hence they may (or
> may not) decide to take similar action with tar,
I thought this was a little different. According to unzip advisory, normal
unzip does this behaviour. But with tar you usually use the -p switch --
so you have to make a simple effort to do the setuid/setgid. Also you'd
need to be root to set it to setuid.
It is not documented well in the gtar manual page:
-p, --same-permissions, --preserve-permissions
extract all protection information
But then I read GNU tar-1.15.1 README which says:
About *security*, it is probable that future releases of `tar' will have
some behavior changed. There are many pending suggestions to choose from.
Today, extracting an archive not being `root', `tar' will restore suid/sgid
bits on files but owned by the extracting user. `root' automatically gets
a lot of special privileges, `-p' might later become required to get them.
I tested and as root it did automatically preserve the setuid and I was
surprised by this behaviour as I had always used -p switch before.
The man page for tar from NetBSD (not gtar) says:
-p, --preserve-permissions, --preserve
Preserve user and group ID as well as file mode regardless
of the current umask(2). The setuid and setgid bits are
only preserved if the user is the superuser. Only meaning-
ful in conjunction with the -x flag.
With NetBSD's tar you are required to use the -p switch.
I don't know when GNU tar changed -- or maybe I had always used some
patched GNU tar that forced this -- but maybe it should expect -p also.
Jeremy C. Reed
BSD News, BSD tutorials, BSD links
http://www.bsdnewsletter.com/
Powered by blists - more mailing lists