Date: Thu, 6 Jun 2002 17:03:23 -0700 (PDT) From: Maxim Sobolev <sobomax@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/tar/src extract.c Message-ID: <200206070003.g5703NO59225@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
sobomax 2002/06/06 17:03:23 PDT
Modified files:
contrib/tar/src extract.c
Log:
IMO it was a quite ugly idea that if we are running as uid 0 then we can
safely ignore current umask(2) and assume that permissions should be set
right like in the archive. Not only it violates POLA, but introduces
huge potential security vulnerability, particularly for ports, where
many popular archives come with 777 files and dirs.
Revision Changes Path
1.2 +4 -0 src/contrib/tar/src/extract.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206070003.g5703NO59225>