Date: Fri, 24 Sep 2004 15:50:46 -0000 From: Maxim Sobolev <sobomax@FreeBSD.ORG> To: dwbear75@gmail.com Cc: security@FreeBSD.ORG Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs Message-ID: <200206070608.g57682M20849@vega.vega.com> In-Reply-To: <no.id@mx2.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > > Hi, > > > > I've just noticed that something wrong with the new tar in the base > > system (1.13.25) - when extracting some archives it creates 777 dirs, > > while permissions in the archive itself are OK (for example GNU make > > make-3.79.1.tar.gz - top level dir gets 777 as well as several > > other lowel level dirs). The issue is under investigation. > > Should be solved now. Stupid GNU folks for some reason decided that > when tar is executed as uid 0 then by default umask(2) should not be > applied to files and dirs being extracted. That said, anybody who runs 5.0-CURRENT with the new tar is advised to clean up all ports' WRKDIRs she might have, to avoid being trojaned by a local user. -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206070608.g57682M20849>