Bugtraq mailing list archives
Re: GNU tar vulnerability
From: mouse () HOLO RODENTS MONTREAL QC CA (der Mouse)
Date: Sat, 25 Jan 1997 16:37:49 -0500
> GNU tar is lazy about file creation modes and file owners when unpacking a tar file. Because GNU tar defaults to creating files owned by the userid running tar when the username is not found on your system, it can be possible to inadvertently create setuid root programs. [scenario]
Whaaaaat? If GNU tar, by default, uses a private header format that contains string names instead of the numeric UID and GID info a standard tar header block holds, IMO that is a crippling bug, because it will render it uninteroperable.
> It's very, very easy to get caught out by this. I'd like to see GNU tar strip the setuid bit off files it has to revert the ownership for due to an unknown original owner.
I'd rather see it use standard header blocks by default, containing normal numeric UID and GID info. (If it is using header blocks containing numeric ownership info and refusing to chown files to a UID that does not correspond to any user on the extracting system, IMO that is another bug (and also a pretty critical one).)

der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
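The failure mode the thread describes, as an added illustration that is not part of the original post and not GNU tar's own code: a member whose header carries a symbolic owner name that the extracting host cannot resolve, together with a set-id mode bit, ends up as a set-id file owned by whoever runs the extraction. The script builds such an archive in memory (the owner name "nosuchuser" and uid 31337 are constructed values), audits members for that combination, and implements the mitigation the quoted poster asks for: drop the setuid/setgid bits when ownership cannot be restored. The filter function's `(member, path)` signature is chosen to match Python 3.12's `tarfile` extraction-filter hook, which is an assumption about that API rather than anything the post states.

```python
import copy
import io
import pwd
import stat
import tarfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def build_sample_archive() -> bytes:
    """Constructed sample: a ustar archive whose setuid member names an owner
    that does not exist on the extracting host (not from the original post)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        payload = b"#!/bin/sh\necho hello\n"
        info = tarfile.TarInfo(name="bin/suspicious")
        info.size = len(payload)
        info.mode = 0o4755            # setuid + rwxr-xr-x
        info.uid = info.gid = 31337   # numeric ids also recorded in the header
        info.uname, info.gname = "nosuchuser", "nosuchgroup"  # hypothetical names
        tf.addfile(info, io.BytesIO(payload))

        benign = tarfile.TarInfo(name="README")
        benign.size = 3
        benign.mode = 0o644
        benign.uname, benign.gname = "root", "root"
        tf.addfile(benign, io.BytesIO(b"hi\n"))
    return buf.getvalue()


def owner_resolvable(uname: str) -> bool:
    """True if the header's symbolic owner name exists in the local passwd db."""
    if not uname:
        return False
    try:
        pwd.getpwnam(uname)
        return True
    except KeyError:
        return False


def audit_archive(data: bytes) -> list[dict]:
    """Report members that would become set-id files owned by the extracting
    user, because the owner name in their header cannot be mapped locally."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
        for m in tf.getmembers():
            if m.mode & SETID_BITS and not owner_resolvable(m.uname):
                findings.append({
                    "name": m.name,
                    "mode": oct(m.mode),
                    "uname": m.uname,
                    "uid": m.uid,
                })
    return findings


def strip_setid_for_unknown_owner(member: tarfile.TarInfo, path: str = "") -> tarfile.TarInfo:
    """Extraction filter: when the owner name is unknown, clear the set-id bits
    instead of creating a set-id file owned by whoever runs the extraction.
    Members with a resolvable owner, or no set-id bits, pass through unchanged."""
    if member.mode & SETID_BITS and not owner_resolvable(member.uname):
        safe = copy.copy(member)
        safe.mode = member.mode & ~SETID_BITS
        return safe
    return member


if __name__ == "__main__":
    archive = build_sample_archive()
    for finding in audit_archive(archive):
        print("WARNING: set-id member with unresolvable owner:", finding)
    # With Python 3.12+ the same function can be handed to
    # tarfile.open(...).extractall(path, filter=strip_setid_for_unknown_owner)
```

The audit only needs the header, so it can run on untrusted archives before anything touches the filesystem; the filter applies the poster's suggested fix at extraction time without changing how resolvable owners are handled.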