git archive's tar format uses extended pax headers to encode metadata into the archive. Most tar implementations correctly treat these as metadata, but some that do not understand the pax format extract these as files instead. Apply the tar.umask setting to these entries to prevent tampering by other users. Signed-off-by: brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx> --- Technically, this is a security issue. However, the files created are not very useful[0] and the only implementations I found that write these files are GNU cpio, Debian/MirBSD/OpenBSD pax, and 7zip, none of which are commonly used to handle tar archives on Unix. The latter two also honor the user's umask by default, making this even less problematic. Given the unlikely situation, I feel treating this as a regular bug is fine. node tar, FreeBSD tar, GNU tar, and Schily tar all handle pax headers correctly. [0] Okay, yes, you can exhaust someone else's quota. archive-tar.c | 4 ++-- t/t5004-archive-corner-cases.sh | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/archive-tar.c b/archive-tar.c index 719b629..603650f 100644 --- a/archive-tar.c +++ b/archive-tar.c @@ -192,7 +192,7 @@ static int write_extended_header(struct archiver_args *args, unsigned int mode; memset(&header, 0, sizeof(header)); *header.typeflag = TYPEFLAG_EXT_HEADER; - mode = 0100666; + mode = 0100666 & ~tar_umask; sprintf(header.name, "%s.paxheader", sha1_to_hex(sha1)); prepare_header(args, &header, mode, size); write_blocked(&header, sizeof(header)); @@ -300,7 +300,7 @@ static int write_global_extended_header(struct archiver_args *args) strbuf_append_ext_header(&ext_header, "comment", sha1_to_hex(sha1), 40); memset(&header, 0, sizeof(header)); *header.typeflag = TYPEFLAG_GLOBAL_HEADER; - mode = 0100666; + mode = 0100666 & ~tar_umask; strcpy(header.name, "pax_global_header"); prepare_header(args, &header, mode, ext_header.len); write_blocked(&header, sizeof(header)); diff --git a/t/t5004-archive-corner-cases.sh b/t/t5004-archive-corner-cases.sh index 305bcac..83d20c4 100755 --- a/t/t5004-archive-corner-cases.sh +++ b/t/t5004-archive-corner-cases.sh @@ -113,4 +113,9 @@ test_expect_success 'archive empty subtree by direct pathspec' ' check_dir extract sub ' +test_expect_success 'archive applies umask even for pax headers' ' + git archive --format=tar HEAD >archive.tar && + ! grep 0666 archive.tar +' + test_done -- 2.0.1 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html