Date:      Fri, 7 Jun 2002 09:08:02 +0300 (EEST)
From:      Maxim Sobolev <sobomax@FreeBSD.org>
To:        sobomax@FreeBSD.org (Maxim Sobolev)
Cc:        sobomax@FreeBSD.org (Maxim Sobolev), security@FreeBSD.org, current@FreeBSD.org
Subject:   Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
Message-ID:  <200206070608.g57682M20849@vega.vega.com>
In-Reply-To: <no.id> from "Maxim Sobolev" at Jun 07, 2002 03:05:51 AM

> 
> > 
> > Hi,
> > 
> > I've just noticed that something is wrong with the new tar in the base
> > system (1.13.25) - when extracting some archives it creates 777 dirs,
> > while permissions in the archive itself are OK (for example GNU make
> > make-3.79.1.tar.gz - top level dir gets 777 as well as several
> > other lower level dirs). The issue is under investigation.
> 
> Should be solved now. Stupid GNU folks for some reason decided that
> when tar is executed as uid 0 then by default umask(2) should not be
> applied to files and dirs being extracted.

That said, anybody who runs 5.0-CURRENT with the new tar is advised to
clean up all ports' WRKDIRs she might have, to avoid being trojaned
by a local user.

-Maxim
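
Added example, not part of the original message: a POSIX shell audit that lists the ports work directories containing world-writable directories, so they can be cleaned up as advised above. The directory name `work` and the default root `/usr/ports` are assumptions based on the FreeBSD ports defaults; the function names and the `--scan` switch are made up for this sketch.

```shell
#!/bin/sh
# Audit sketch (added example): locate ports work directories that contain
# directories writable by "other", i.e. the 777 dirs left behind by a root
# extraction that ignored the umask.
# Assumptions: WRKDIR is named "work"; the ports tree lives in /usr/ports.

# list_world_writable_dirs ROOT
# Print every directory under ROOT that has the other-write bit set.
list_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print
}

# affected_wrkdirs PORTSDIR
# Print each "work" directory under PORTSDIR that holds at least one
# world-writable directory (the work directory itself included).
affected_wrkdirs() {
    # -prune stops find from descending into a work dir once it is reported,
    # so nested directories that happen to be called "work" are not listed twice.
    find "$1" -xdev -type d -name work -prune -print |
    while IFS= read -r wrk; do
        if [ -n "$(list_world_writable_dirs "$wrk" | head -n 1)" ]; then
            printf '%s\n' "$wrk"
        fi
    done
}

# Run as: sh audit.sh --scan [PORTSDIR]
if [ "${1:-}" = "--scan" ]; then
    affected_wrkdirs "${2:-/usr/ports}"
fi
```

Each path printed is a work directory to remove and re-extract with the fixed tar; the script itself only reads the tree.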
