From owner-freebsd-current@FreeBSD.ORG Sat Aug 21 21:24:03 2004
From: Tim Kientzle
To: Kris Kennaway
cc: current@freebsd.org
Date: Sat, 21 Aug 2004 14:24:01 -0700
Subject: Re: bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)
Message-ID: <4127BD71.60500@freebsd.org>
In-Reply-To: <20040815224844.GA26084@xor.obsecurity.org>
References: <20040813235434.GA75875@xor.obsecurity.org> <20040814063541.GA43063@xor.obsecurity.org> <411FCCCC.8040508@freebsd.org> <20040815205946.GA18580@xor.obsecurity.org> <411FE1FA.5070703@freebsd.org> <20040815224844.GA26084@xor.obsecurity.org>

Kris Kennaway wrote:
>
> ....can't you make it just not clear
> permissions on files and directories that already exist? If they have
> relaxed or insecure permissions, they had insecure permissions to
> begin with and one may assume this is by intention.

And, conversely, if they had restricted permissions, then we can assume
that was by intention and we shouldn't loosen them. That makes the
current behavior actually less secure than it should be, doesn't it?

Try the attached and let me know if that fixes it.
Tim

Attachment: archive_read_extract.c.diff (text/plain, inline)

Index: archive_read_extract.c =================================================================== RCS file: /home/ncvs/src/lib/libarchive/archive_read_extract.c,v retrieving revision 1.33 diff -u -r1.33 archive_read_extract.c --- archive_read_extract.c 7 Aug 2004 03:09:28 -0000 1.33 +++ archive_read_extract.c 21 Aug 2004 21:21:27 -0000 @@ -479,7 +479,7 @@ if (extract->pst != NULL) { extract->pst = &extract->st; if (S_ISDIR(extract->pst->st_mode)) - goto success; + return (ARCHIVE_OK); /* It exists but isn't a dir. */ if ((flags & ARCHIVE_EXTRACT_UNLINK)) unlink(path);
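Review bot: the replacement of `goto success;` with `return (ARCHIVE_OK);` in the existing-directory branch skips whatever follows the `success:` label, which is outside this hunk; please confirm that nothing there (cleanup, state reset, or the permission application that is presumably the reason for the change) is still needed on this path. The intent, that a directory which already exists is left with the permissions it was found with, is not stated anywhere in the hunk, so a one-line comment at the new return would stop a later reader from "fixing" it back to the old behaviour, for example `/* Already a directory: keep its existing permissions. */` placed on the line above `return (ARCHIVE_OK);`.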