Re: GNU tar and the setuid bit

From: David Watson (baikie_at_ehwhat.freeserve.co.uk)
Date: 08/07/05

To: bugtraq@securityfocus.com
Date: Sun, 7 Aug 2005 00:11:45 +0100

    On Saturday 06 Aug 2005 4:22 pm, David Watson wrote:
    > (By the way, -o is broken in version 1.14 at least, but --no-same-owner
    > works.)

    Sorry, I just noticed that that last comment was entirely misleading! In all
    versions, using --no-same-owner without --no-same-permissions *will* cause
    the setuid and setgid bits to be preserved even where the owner or group has
    been changed to root (i.e. where a different UID or GID was specified in the
    archive), as will using -o (in 1.15) without --no-same-permissions. The -o
    option is 'broken' in 1.14 (and possibly in earlier versions) in that it
    simply fails to enable the intended behaviour (in fact it enables the exact
    opposite, being equivalent to --same-owner).
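
An added example, not part of the original post: a pre-extraction check that reads only the archive headers and lists members carrying setuid or setgid bits, marking those whose recorded UID or GID is not 0 (the case the message describes, where root extracts without restoring ownership). It uses Python's standard tarfile module; the sample archive, member names and function names are constructed for illustration.

```python
import io
import stat
import tarfile

# Constructed sample members: (name, mode, uid, gid)
SAMPLE = [
    ("bin/helper", 0o4755, 1000, 1000),  # setuid, recorded owner is not root
    ("bin/spool", 0o2755, 0, 1000),      # setgid, recorded group is not root
    ("bin/rootown", 0o4755, 0, 0),       # setuid, already recorded as root
    ("README", 0o644, 1000, 1000),       # ordinary file
]


def build_sample_archive() -> bytes:
    """Build the constructed sample archive in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, uid, gid in SAMPLE:
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.gid = mode, uid, gid
            data = b"constructed sample\n"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_special_bits(archive: bytes):
    """Read headers only and return (name, bits, owner_differs) per flagged member.

    owner_differs is True when the bit's recorded UID/GID is not 0, so a root
    extraction that does not restore ownership ends up with a different owner
    or group behind that bit.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for m in tar:
            suid = bool(m.mode & stat.S_ISUID)
            sgid = bool(m.mode & stat.S_ISGID)
            if suid or sgid:
                bits = "+".join(b for b, on in (("setuid", suid), ("setgid", sgid)) if on)
                differs = (suid and m.uid != 0) or (sgid and m.gid != 0)
                findings.append((m.name, bits, differs))
    return findings


if __name__ == "__main__":
    for name, bits, differs in audit_special_bits(build_sample_archive()):
        print(f"{name}: {bits}, owner/group becomes root: {differs}")
```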

