Date: Thu, 6 Jun 2002 21:43:06 -0400 (EDT)
From: Trevor Johnson
To: Maxim Sobolev
Cc: security@FreeBSD.ORG
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
In-Reply-To: <200206062245.g56Mjq319565@vega.vega.com>
Message-ID: <20020606210833.W28206-100000@blues.jpj.net>

> I've just noticed that something is wrong with the new tar in the base
> system (1.13.25) - when extracting some archives it creates 777 dirs,
> while permissions in the archive itself are OK (for example GNU make
> make-3.79.1.tar.gz - top level dir gets 777 as well as several
> other lower level dirs). The issue is under investigation.

The latest version on ftp://ftp.gnu.org/gnu/tar/ is 1.13. The ones on
ftp://alpha.gnu.org/gnu/tar/ (and everything else on that site) are
considered unstable. I suppose it's too late to suggest tar 1.13 as a
starting point, but maybe this could be kept in mind when importing other
GNU products.
-- 
Trevor Johnson
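
A check for the symptom reported in the quoted message, added here as an example that is not part of the original e-mail or of the FreeBSD or GNU tar code: it compares the directory modes recorded in an archive with the modes found on disk after extraction. The archive contents, the `pkg-1.0` names and the function names are constructed for illustration, and the demo sets the 0777 directory itself as a stand-in for the reported behaviour.

```python
import io, os, stat, tarfile, tempfile

def build_sample_archive(path):
    """Constructed sample archive: two directories recorded as 0755, one file."""
    with tarfile.open(path, "w:gz") as tf:
        for name in ("pkg-1.0", "pkg-1.0/src"):
            d = tarfile.TarInfo(name)
            d.type, d.mode = tarfile.DIRTYPE, 0o755
            tf.addfile(d)
        data = b"constructed sample\n"
        f = tarfile.TarInfo("pkg-1.0/src/README")
        f.size, f.mode = len(data), 0o644
        tf.addfile(f, io.BytesIO(data))

def audit_extracted_dirs(archive, root):
    """Return (name, recorded, actual) for each extracted directory that is
    world-writable on disk although the archive did not record o+w."""
    findings = []
    root = os.path.realpath(root)
    with tarfile.open(archive) as tf:
        for m in tf.getmembers():
            if not m.isdir():
                continue
            path = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, path]) != root or not os.path.isdir(path):
                continue  # outside the extraction tree, or never extracted
            recorded = m.mode & 0o7777
            actual = stat.S_IMODE(os.stat(path).st_mode)
            if actual & stat.S_IWOTH and not recorded & stat.S_IWOTH:
                findings.append((m.name, oct(recorded), oct(actual)))
    return findings

def demo():
    """Mirror the archive's directories on disk, then widen the top-level one
    to 0777 as a stand-in for the behaviour reported in the quoted message."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = os.path.join(tmp, "sample.tar.gz")
        root = os.path.join(tmp, "out")
        build_sample_archive(archive)
        for name in ("pkg-1.0", "pkg-1.0/src"):
            os.makedirs(os.path.join(root, name), exist_ok=True)
            os.chmod(os.path.join(root, name), 0o755)
        os.chmod(os.path.join(root, "pkg-1.0"), 0o777)
        return audit_extracted_dirs(archive, root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Directories that an extractor creates implicitly, without their own entry in the archive, have no recorded mode and are not covered by this comparison.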