From owner-cvs-all  Thu Jun  6 17: 3:51 2002
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 816F737B408; Thu,  6 Jun 2002 17:03:23 -0700 (PDT)
Received: (from sobomax@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g5703NO59225;
	Thu, 6 Jun 2002 17:03:23 -0700 (PDT)
	(envelope-from sobomax)
Message-Id: <200206070003.g5703NO59225@freefall.freebsd.org>
From: Maxim Sobolev <sobomax@FreeBSD.org>
Date: Thu, 6 Jun 2002 17:03:23 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/contrib/tar/src extract.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

sobomax     2002/06/06 17:03:23 PDT

  Modified files:
    contrib/tar/src      extract.c 
  Log:
  IMO it was a quite ugly idea that if we are running as uid 0 then we can
  safely ignore current umask(2) and assume that permissions should be set
  right like in the archive. Not only it violates POLA, but introduces
  huge potential security vulnerability, particularly for ports, where
  many popular archives come with 777 files and dirs.
  
  Revision  Changes    Path
  1.2       +4 -0      src/contrib/tar/src/extract.c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message