From: Kris Kennaway
To: Tim Kientzle
Cc: current@freebsd.org, Kris Kennaway
Date: Sun, 15 Aug 2004 15:48:45 -0700
Subject: Re: bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)
Message-ID: <20040815224844.GA26084@xor.obsecurity.org>
In-Reply-To: <411FE1FA.5070703@freebsd.org>

On Sun, Aug 15, 2004 at 03:21:46PM -0700, Tim Kientzle wrote:
> >packages
> >packages/All
> >packages/All/uzap-1.0.tgz
> >packages/editors
> >packages/editors/uzap-1.0.tgz
> >packages/Latest
> >packages/Latest/uzap.tgz
> >
> >packages/ is supposed to have these permissions:
> >
> >drwxr-xr-x 93 ports-i386 portmgr 2048 Aug 14 23:12 packages/
> >
> >But while the archive is being extracted it is changed to
> >
> >drwx------ 93 ports-i386 portmgr 2048 Aug 14 23:12 packages/
>
> If you can change it to contain only the files
> (and not the directories), then this should no
> longer be a problem. As I mentioned earlier, the
> editing of dir permissions is done for "packages/"
> here because it's explicitly listed as an archive
> entry.

That would be a bit cumbersome... can't you make it just not clear
permissions on files and directories that already exist? If they have
relaxed or insecure permissions, they had insecure permissions to
begin with and one may assume this is by intention.

Kris
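The two behaviours discussed in this message, side by side, as an added example that is not part of the original thread and not bsdtar's code: a small model of directory-entry handling that either tightens a pre-existing directory to 0700 during extraction (as reported) or leaves it alone (as proposed). The names `extract_dirs`, `run_demo` and `restrict_existing`, and the choice to apply the archive's mode to every listed directory at the end, are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Constructed sample: directory entries (path, archive mode) as listed in the archive,
# following the packages/ layout quoted in the message.
DIR_ENTRIES = [("packages", 0o755), ("packages/All", 0o755), ("packages/Latest", 0o755)]

def mode_of(path):
    return stat.S_IMODE(os.lstat(path).st_mode)

def extract_dirs(root, entries, restrict_existing):
    """Handle directory entries; return the modes visible while extraction is running."""
    deferred = []
    for rel, final_mode in entries:
        path = os.path.join(root, rel)
        if os.path.isdir(path) and not os.path.islink(path):
            if restrict_existing:
                os.chmod(path, 0o700)  # behaviour reported in the thread
            # otherwise: the proposal, leave a pre-existing directory alone
        else:
            os.mkdir(path, 0o700)  # new directory: private until its contents are in place
        deferred.append((path, final_mode))
    # Snapshot of what another process (e.g. a web server) sees mid-extraction.
    during = {rel: mode_of(os.path.join(root, rel)) for rel, _ in entries}
    # Assumption: the archive's mode is applied to every listed directory at the end.
    for path, final_mode in reversed(deferred):
        os.chmod(path, final_mode)
    return during

def run_demo(restrict_existing):
    """Pre-create packages/ as 0755, extract, return (modes during, modes after)."""
    with tempfile.TemporaryDirectory() as root:
        existing = os.path.join(root, "packages")
        os.mkdir(existing)
        os.chmod(existing, 0o755)
        during = extract_dirs(root, DIR_ENTRIES, restrict_existing)
        after = {rel: mode_of(os.path.join(root, rel)) for rel, _ in DIR_ENTRIES}
        return during, after

if __name__ == "__main__":
    for flag in (True, False):
        during, after = run_demo(flag)
        print("restrict_existing=%s" % flag)
        for rel in during:
            print("  %-16s during=%o after=%o" % (rel, during[rel], after[rel]))
```

With `restrict_existing=True` the already-served `packages/` directory is unreadable to other users for the length of the extraction, which is the window in which the EACCES errors named in the subject line would appear.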