Bugtraq mailing list archives
Re: GNU tar and the setuid bit
From: David Watson <baikie () ehwhat freeserve co uk>
Date: Sat, 6 Aug 2005 16:22:48 +0100
On Friday 05 Aug 2005 12:52 am, Imran Ghory wrote:
> If running as the root user tar restores the original permissions to extracted files, this includes the setuid bit. No warning is given to the user that this has happened. The default behaviour of tar under root is not to change ownership of the file to root. However owner information is extracted from the tar file, so a trivially modified tar file can ensure the owner of the extracted files is the root user. This allows for the creation of arbitrary setuid executables owned by the root user if the root user extracts the files from a maliciously crafted tar file.
With GNU tar (which you seem to be referring to), using --no-same-permissions when extracting clears all of the setuid, setgid and sticky bits in addition to subtracting the umask (undocumented behaviour, but logical enough). It's advisable to use this along with -o when extracting random archives as root. (Although as I've just noticed, -o alone will turn any setuid executable into a setuid-root executable - now that *is* a bug!) Or of course, you could extract them as someone else ;)

It looks as if they're planning to make --no-same-permissions the default for root in future, but 'alias tar="tar --no-same-permissions"' does the trick for now, if you don't mind breaking the old-style option syntax (-p re-enables the full permissions from the archive, of course).

(By the way, -o is broken in version 1.14 at least, but --no-same-owner works.)
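The behaviour discussed in this thread can be checked directly. The script below is an added example (not from either poster): it builds an archive whose only member is a constructed shell script carrying mode 4755 and claiming owner uid/gid 0, then extracts it with -p (full permissions from the archive) and with --no-same-permissions --no-same-owner, and reports which mode bits survive. It assumes GNU tar, since --owner, --group and --numeric-owner are used to forge the root ownership in the header; the member name "evil" and the temp-directory layout are arbitrary choices.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes GNU tar.
# Builds a "malicious" archive (setuid member owned by uid 0) and shows
# what each extraction mode does with the setuid bit.
set -eu

# Symbolic mode of a path (first 10 chars of ls -ld: "-rwsr-xr-x").
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create $1/evil.tar with one member "evil": mode 4755, owner 0:0.
# The payload is a constructed script; only the header matters here.
make_evil_tar() {
    work=$1
    mkdir -p "$work/src"
    printf '#!/bin/sh\nid\n' > "$work/src/evil"
    chmod 4755 "$work/src/evil"          # owner may set the setuid bit
    # --owner/--group/--numeric-owner are GNU tar extensions (assumption).
    tar -cf "$work/evil.tar" -C "$work/src" \
        --owner=0 --group=0 --numeric-owner evil
}

# Extract $1/evil.tar into a fresh directory with the remaining
# arguments as tar options and print the resulting mode of "evil".
extract_with() {
    work=$1; shift
    dest=$(mktemp -d "$work/out.XXXXXX")
    umask 022                            # fixed umask so results are stable
    tar -xf "$work/evil.tar" -C "$dest" "$@"
    mode_of "$dest/evil"
}

demo() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/tarsuid.XXXXXX")
    make_evil_tar "$work"
    echo "archive header:"
    tar -tvf "$work/evil.tar"
    # Default depends on who runs it: root keeps -p and --same-owner,
    # an ordinary user gets --no-same-permissions and --no-same-owner.
    echo "default extraction:        $(extract_with "$work")"
    echo "-p:                        $(extract_with "$work" -p)"
    echo "--no-same-permissions -o:  $(extract_with "$work" \
        --no-same-permissions --no-same-owner)"
    rm -rf "$work"
}

demo
```

Running it as root is where the difference matters: the default and -p lines come back as -rwsr-xr-x owned by root, while the --no-same-permissions --no-same-owner line is a plain -rwxr-xr-x owned by the extracting user. As an unprivileged user the setuid bit still survives -p (the owner is allowed to set it on their own file), which is why the safe flags, not the uid of the extractor, are what strip it.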
Current thread:
- tar preserves setuid bit Imran Ghory (Aug 05)
- Re: tar preserves setuid bit Neil McKellar (Aug 09)
- Re: tar preserves setuid bit Imran Ghory (Aug 09)
- Re: tar preserves setuid bit Jeremy C. Reed (Aug 09)
- Re: tar preserves setuid bit Imran Ghory (Aug 09)
- Re: tar preserves setuid bit Sean Comeau (Aug 09)
- Re: GNU tar and the setuid bit David Watson (Aug 09)
- Re: GNU tar and the setuid bit David Watson (Aug 09)
- Re: tar preserves setuid bit Neil McKellar (Aug 09)