Date: Fri, 2 Aug 2002 04:14:04 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Maxim Sobolev <sobomax@FreeBSD.org>
Cc: current@FreeBSD.org, <obrien@FreeBSD.org>
Subject: Re: pkg_add broken by POLA breakage in tar
Message-ID: <20020802040622.D3616-100000@gamplex.bde.org>
In-Reply-To: <3D496884.EEB93078@FreeBSD.org>

On Thu, 1 Aug 2002, Maxim Sobolev wrote:

> Maxim Sobolev wrote:
> >
> > Maxim Sobolev wrote:
> > >
> > > Bruce Evans wrote:
> > > >
> > > > Revs.1.2-1.3 of tar/src/extract.c break pkg_add (not to mention probably
> > > > thousands of user scripts that are no more careful than pkg_add) in
> > > > -current and RELENG_4:
> > >
> > > Are you sure? My own investigation at the time of the commit showed

Oops, apparently not ...

> > > that old tar shipped with FreeBSD, was adjusting permissions of
> > > extracting files when running as uid 0 according to current umask
> > > settings, so that IMO 1.2-1.3 actually restored POLA, not broke it.
>
> OK, further investigation shows that the problem is likely that unlike
> the old one, the new tar doesn't preserve suid/sgid bits on
> extraction, and it is what probably needs to be fixed instead.
>
> >
> > Need evidence? Here it is:
> > ...

Sorry, I didn't test it at runtime.  I don't really like either changing
the Gnu/historical behaviour for root or preserving set*id bits while not
preserving other attributes, but since this seems to have 10 years of
precedence in FreeBSD it doesn't break POLA.

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message