From owner-freebsd-current  Thu Aug  1 11: 9:13 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id AC06937B400; Thu,  1 Aug 2002 11:09:09 -0700 (PDT)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 5085B43E4A; Thu,  1 Aug 2002 11:09:08 -0700 (PDT)
	(envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id EAA26972;
	Fri, 2 Aug 2002 04:09:05 +1000
Date: Fri, 2 Aug 2002 04:14:04 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: Maxim Sobolev <sobomax@FreeBSD.org>
Cc: current@FreeBSD.org, <obrien@FreeBSD.org>
Subject: Re: pkg_add broken by POLA breakage in tar
In-Reply-To: <3D496884.EEB93078@FreeBSD.org>
Message-ID: <20020802040622.D3616-100000@gamplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Thu, 1 Aug 2002, Maxim Sobolev wrote:

> Maxim Sobolev wrote:
> >
> > Maxim Sobolev wrote:
> > >
> > > Bruce Evans wrote:
> > > >
> > > > Revs.1.2-1.3 of tar/src/extract.c break pkg_add (not to mention probably
> > > > thousands of user scripts that are no more careful than pkg_add) in
> > > > -current and RELENG_4:
> > >
> > > Are you sure? My own investigation at the time of the commit showed

Oops, apparently not ...

> > > that old tar shipped with FreeBSD, was adjusting permissions of
> > > extracting files when running as uid 0 according to current umask
> > > settings, so that IMO 1.2-1.3 actually restored POLA, not broke it.
>
> OK, further investigation shows that the problem is likely that unlike
> the old one, the new tar doesn't preserve suid/sgid bits on
> extraction, and it is what probably needs to be fixed instead.
>
> >
> > Need evidence? Here it is:
> > ...

Sorry, I didn't test it at runtime.  I don't really like either changing
the Gnu/historical behaviour for root or preserving set*id bits while not
preserving other attributes, but since this seems have 10 years of
precedence in FreeBSD it doesn't break POLA.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message