lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 5 Aug 2005 22:58:07 +0100
From: Imran Ghory <imranghory@...il.com>
To: Neil McKellar <mckellar@...usplanet.net>,
	bugtraq@...urityfocus.com
Subject: Re: tar preserves setuid bit


On 8/5/05, Neil McKellar <mckellar@...usplanet.net> wrote:
> Imran Ghory <imranghory@...il.com> wrote:
> > If running as the root user tar restores the original permissions to
> > extracted files, this includes the setuid bit. No warning is given to
> > the user that this has happened.
> 
> From the default man page for tar:
> 
>     The owner, modification time, and mode are restored (if possible);
> 
> This isn't specific to GNU, it's *expected behaviour* for every version of tar.
>  In fact, a failure to conform to this behaviour breaks essential functionality
> of tar. 

I'm not saying that it shouldn't have the behaviour, rather that it
should warn the user.

Howeber the only reason I posted this "bug" was because a number of
unix/linux vendors have decided that the same issue in unzip (which I
cited earlier : CAN-2005-0602) should be considered a vulnerability
and have issued patches to change the behaviour. Hence they may (or
may not) decide to take similar action with tar,

> What part of 'Tape ARchive' wasn't clear?  Would you be happy if your backup and
> restore procedures failed to actually restore files in their original condition?

The number of people who use tar for archival purposes is minimal
compared to those who use it for distribution purposes. Of course you
could argue that misusing an archival tool as a distribution tool is
the source of this potential problem, but the fact is that it is used
for distribution purposes and thus is a potentinal attack vector.

Imran Ghory

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ