Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs

• Previous message: Terry Lambert: "Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs"
• Maybe in reply to: Terry Lambert: "Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs"
• Next in thread: Maxim Sobolev: "Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 07 Jun 2002 09:08:02 +0300 (EEST)
To: dwbear75@gmail.com

>
> >
> > Hi,
> >
> > I've just noticed that something wrong with the new tar in the base
> > system (1.13.25) - when extracting some archives it creates 777 dirs,
> > while permissions in the archive itself are OK (for example GNU make
> > make-3.79.1.tar.gz - top level dir gets 777 as well as several
> > other lowel level dirs). The issue is under investigation.
>
> Should be solved now. Stupid GNU folks for some reason decided that
> when tar is executed as uid 0 then by default umask(2) should not be
> applied to files and dirs being extracted.

That said, anybody who runs 5.0-CURRENT with the new tar is advised to
clean up all ports' WRKDIRs she might have, to avoid being trojaned
by a local user.

-Maxim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"

• Previous message: Terry Lambert: "Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs"
• Maybe in reply to: Terry Lambert: "Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs"
• Next in thread: Maxim Sobolev: "Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs ... > I've just noticed that something wrong with the new tar in the base ... > other lowel level dirs). ... Stupid GNU folks for some reason decided that ... To Unsubscribe: send mail to majordomo@FreeBSD.org ... (freebsd-current) Re: Question about bzip2 and bzip2recover and tar ... Then tar can get everything except the bad section and a little bit before and after the bad section... ... Question about bzip2 and bzip2recover and tar ... >with a subject of "unsubscribe". ... Trouble? ... (Debian-User) Re: Question about bzip2 and bzip2recover and tar ... cat the results sequentially into a tar file or stream and then extract.... ... If this listing script works, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... Trouble? ... (Debian-User) Re: RAR under linux: any alternative? ... delete your Windows partition TODAY! ... You can get my public key from any of the ... I have to explain to them what tar is how to find a window's ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: Using tar to extract files from tape ... The question is a simple one: can I use tar to extract a file ... "Tape ARchive" most probably doesn't ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... gpg: ... (Debian-User)