From owner-freebsd-stable@FreeBSD.ORG  Thu Jun 17 22:30:10 2010
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6D4A3106566B
	for <freebsd-stable@freebsd.org>; Thu, 17 Jun 2010 22:30:10 +0000 (UTC)
	(envelope-from sean@gothic.net.au)
Received: from visi.gothic.net.au (visi.gothic.net.au [115.64.131.102])
	by mx1.freebsd.org (Postfix) with ESMTP id B337B8FC1E
	for <freebsd-stable@freebsd.org>; Thu, 17 Jun 2010 22:30:08 +0000 (UTC)
Received: from visi.gothic.net.au (localhost [127.0.0.1])
	by visi.gothic.net.au (Postfix) with ESMTP id 24D412B9C1
	for <freebsd-stable@freebsd.org>; Fri, 18 Jun 2010 08:30:05 +1000 (EST)
X-Virus-Scanned: amavisd-new at gothic.net.au
Received: from localhost ([127.0.0.1])
	by visi.gothic.net.au (visi.gothic.net.au [127.0.0.1]) (amavisd-new,
	port 10026)
	with SMTP id izjgj69OW5nC for <freebsd-stable@freebsd.org>;
	Fri, 18 Jun 2010 08:29:59 +1000 (EST)
Received: from sean-macbook.gothic.net.au (sean-macbook.gothic.net.au
	[10.168.1.31]) (using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested) (Authenticated sender: sean)
	by visi.gothic.net.au (Postfix) with ESMTPSA id 6D7772B9B2;
	Fri, 18 Jun 2010 08:29:59 +1000 (EST)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: Sean <sean@gothic.net.au>
In-Reply-To: <AANLkTin8EINpW6kDTNZsTJOrvGnDAA6WCrRSJazZczyd@mail.gmail.com>
Date: Fri, 18 Jun 2010 08:29:58 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <820425CC-DEE2-4243-9549-E4C69A13517E@gothic.net.au>
References: <1276639800.2462.80.camel@localhost.localdomain>
	<1276646707.2462.82.camel@localhost.localdomain>
	<4C18195A.3020501@delphij.net>
	<20100617205302.GA60347@server.vk2pj.dyndns.org>
	<4C1A9989.3090507@gothic.net.au>
	<AANLkTin8EINpW6kDTNZsTJOrvGnDAA6WCrRSJazZczyd@mail.gmail.com>
To: Leif Walsh <leif.walsh@gmail.com>
X-Mailer: Apple Mail (2.1081)
Cc: freebsd-stable@freebsd.org
Subject: Re: [Stable 7] CPIO breakage/
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2010 22:30:10 -0000


On 18/06/2010, at 8:02 AM, Leif Walsh wrote:

> On Thu, Jun 17, 2010 at 2:54 PM, Sean <sean@gothic.net.au> wrote:
>> Easy.
>> Create a symlink etc, to /etc
>> Create a file etc/passwd containing whatever you want.
>=20
> This could be an artifact of coming from the Linux world and knowing
> little about the BSD kernel (and I should probably lurk a bit longer
> before posting on a new list), but wouldn't the symlink resolve and
> result in a totally new chain of lookup/permissions calls?  I don't
> see how making a symlink to a location allows you to change the
> permissions of that location just by changing the permissions of the
> symlink.
>=20

It only works if the user extracting already has permission to write =
there anyway. It's a means of taking advantage of a privileged user who =
extracts the tar.


> --=20
> Cheers,
> Leif