From owner-freebsd-security  Thu Jun  6 23: 8:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from sdns.kv.ukrtel.net (sdns.kv.ukrtel.net [195.5.27.246])
	by hub.freebsd.org (Postfix) with ESMTP
	id DE4B437B40B; Thu,  6 Jun 2002 23:07:59 -0700 (PDT)
Received: from vega.vega.com (195.5.51.243 [195.5.51.243]) by sdns.kv.ukrtel.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id M2L7DMW7; Fri, 7 Jun 2002 09:09:58 +0300
Received: (from max@localhost)
	by vega.vega.com (8.11.6/8.11.3) id g57682M20849;
	Fri, 7 Jun 2002 09:08:02 +0300 (EEST)
	(envelope-from sobomax@FreeBSD.org)
From: Maxim Sobolev <sobomax@FreeBSD.org>
Message-Id: <200206070608.g57682M20849@vega.vega.com>
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
To: sobomax@FreeBSD.org (Maxim Sobolev)
Date: Fri, 7 Jun 2002 09:08:02 +0300 (EEST)
Cc: sobomax@FreeBSD.org (Maxim Sobolev), security@FreeBSD.org,
	current@FreeBSD.org
In-Reply-To: <no.id> from "Maxim Sobolev" at Jun 07, 2002 03:05:51 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> 
> > 
> > Hi,
> > 
> > I've just noticed that something wrong with the new tar in the base
> > system (1.13.25) - when extracting some archives it creates 777 dirs,
> > while permissions in the archive itself are OK (for example GNU make
> > make-3.79.1.tar.gz - top level dir gets 777 as well as several
> > other lowel level dirs). The issue is under investigation.
> 
> Should be solved now. Stupid GNU folks for some reason decided that
> when tar is executed as uid 0 then by default umask(2) should not be
> applied to files and dirs being extracted.

That said, anybody who runs 5.0-CURRENT with the new tar is advised to
clean up all ports' WRKDIRs she might have, to avoid being trojaned
by a local user.

-Maxim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message