On Friday 05 Aug 2005 12:52 am, Imran Ghory wrote: > If running as the root user tar restores the original permissions to > extracted files, this includes the setuid bit. No warning is given to > the user that this has happened. > > The default behaviour of tar under root is not to change ownership of > the file to root. However owner information is extracted from the tar > file, so a trivialy modified tar file can ensure the owner of the > extracted files is the root user. > > This allows for the creation of arbitary setuid executable owned by > the root user if the root user extracts the files from a malliciously > crafted tar file. With GNU tar (which you seem to be referring to), using --no-same-permissions when extracting clears all of the setuid, setgid and sticky bits in addition to subtracting the umask (undocumented behaviour, but logical enough). It's advisable to use this along with -o when extracting random archives as root. (Although as I've just noticed, -o alone will turn any setuid executable into a setuid-root executable - now that *is* a bug!) Or of course, you could extract them as someone else ;) It looks as if they're planning to make --no-same-permissions the default for root in future, but 'alias tar="tar --no-same-permissions"' does the trick for now, if you don't mind breaking the old-style option syntax (-p reenables the full permissions from the archive, of course). (By the way, -o is broken in version 1.14 at least, but --no-same-owner works.)
