From owner-freebsd-security Thu Jun 6 17: 6: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from sdns.kv.ukrtel.net (sdns.kv.ukrtel.net [195.5.27.246]) by hub.freebsd.org (Postfix) with ESMTP id 79DF737B405; Thu, 6 Jun 2002 17:05:53 -0700 (PDT) Received: from vega.vega.com (195.5.51.243 [195.5.51.243]) by sdns.kv.ukrtel.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id M2L7DMS5; Fri, 7 Jun 2002 03:07:50 +0300 Received: (from max@localhost) by vega.vega.com (8.11.6/8.11.3) id g5705qA19868; Fri, 7 Jun 2002 03:05:52 +0300 (EEST) (envelope-from sobomax@FreeBSD.org) From: Maxim Sobolev Message-Id: <200206070005.g5705qA19868@vega.vega.com> Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs To: sobomax@FreeBSD.org (Maxim Sobolev) Date: Fri, 7 Jun 2002 03:05:51 +0300 (EEST) Cc: security@FreeBSD.org, current@FreeBSD.org In-Reply-To: from "Maxim Sobolev" at Jun 07, 2002 01:45:52 AM X-Mailer: ELM [version 2.5 PL5] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Hi, > > I've just noticed that something wrong with the new tar in the base > system (1.13.25) - when extracting some archives it creates 777 dirs, > while permissions in the archive itself are OK (for example GNU make > make-3.79.1.tar.gz - top level dir gets 777 as well as several > other lowel level dirs). The issue is under investigation. Should be solved now. Stupid GNU folks for some reason decided that when tar is executed as uid 0 then by default umask(2) should not be applied to files and dirs being extracted. -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message