Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Sep 2004 15:50:46 -0000
From:      Maxim Sobolev <sobomax@FreeBSD.ORG>
To:        dwbear75@gmail.com
Cc:        security@FreeBSD.ORG
Subject:   Re: WARNING! New GNU Tar in 5-CURRENT could erroneously createworld writeable dirs
Message-ID:  <200206070608.g57682M20849@vega.vega.com>
In-Reply-To: <no.id@mx2.FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
> 
> > 
> > Hi,
> > 
> > I've just noticed that something wrong with the new tar in the base
> > system (1.13.25) - when extracting some archives it creates 777 dirs,
> > while permissions in the archive itself are OK (for example GNU make
> > make-3.79.1.tar.gz - top level dir gets 777 as well as several
> > other lowel level dirs). The issue is under investigation.
> 
> Should be solved now. Stupid GNU folks for some reason decided that
> when tar is executed as uid 0 then by default umask(2) should not be
> applied to files and dirs being extracted.

That said, anybody who runs 5.0-CURRENT with the new tar is advised to
clean up all ports' WRKDIRs she might have, to avoid being trojaned
by a local user.

-Maxim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206070608.g57682M20849>