- Newsgroups: comp.unix.aux
- Path: sparky!uunet!sun-barr!ames!nsisrv!jagubox!jim
- From: jim@jagubox.gsfc.nasa.gov (Jim Jagielski)
- Subject: Re: tar
- Message-ID: <1096@jagubox.gsfc.nasa.gov>
- Lines: 24
- Sender: usenet@nsisrv.gsfc.nasa.gov (Usenet)
- Nntp-Posting-Host: jagubox.gsfc.nasa.gov
- Reply-To: jim@jagubox.gsfc.nasa.gov (Jim Jagielski)
- Organization: NASA/Goddard Space Flight Center
- References: <DPASSAGE.92Sep11205455@eden.CS.Berkeley.EDU> <1992Sep12.060658.27698@nntpd.lkg.dec.com>
- Date: Sat, 12 Sep 1992 13:54:50 GMT
-
- halpin@vsg1.dsg.dec.com (Stephen E. Halpin) writes:
-
- >This version of tar requires you to use the 'o' option to untar files
- >under the uid of the person running tar. I just browsed /usr/bin/tar,
- >and it doesn't appear to have setuid set, which would almost imply anyone
- >could create files owned by someone else. If one of the users you can
- >create files as is root, then you're really scrod because anyone can
- >write a tar file with a root uid and their favorite executable. Has
- >anyone actually tried this to see if it's possible?? -Steve
-
- It's no big deal to create files and then chown them to someone else;
- of course some systems are more restrictive about this now. The rub is
- whether you can SUID the file and then chown it to root and if the SUID
- bit remains set: under A/UX and about 99.995% of all UNIXs out there,
- this doesn't happen.
-
- chown/chgrp operations are different between SysV and BSD; BSD only
- allows root to chown or else it checks the real and effective UIDs of
- the process; SysV allows anyone to chown.
- --
- Jim Jagielski | "This is supposed to be a happy occasion.
- jim@jagubox.gsfc.nasa.gov | Let's not bicker and argue about who
- NASA/GSFC, Code 734.4 | killed who."
- Greenbelt, MD 20771 |
-
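The concern raised in this thread, as an added example that is not part of the original post: a header-only audit that lists the members of a tar archive carrying a setuid or setgid bit, together with the owner recorded for them, before anything is extracted. The archive is constructed in memory, and the names `Finding`, `build_sample_archive`, `audit` and `extracting_uid` are assumptions made for this illustration.

```python
import io
import stat
import tarfile
from typing import NamedTuple

class Finding(NamedTuple):
    name: str
    uid: int             # owner recorded in the archive header
    mode: str            # permission bits as octal text, e.g. "4755"
    setuid: bool
    setgid: bool
    owner_differs: bool  # recorded owner is not the extracting user

def build_sample_archive() -> bytes:
    """Constructed sample: one plain member and one setuid member recorded as uid 0."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, mode in (("README", 1000, 0o644), ("bin/tool", 0, 0o4755)):
            data = b"constructed sample data\n"
            info = tarfile.TarInfo(name)
            info.size, info.uid, info.gid, info.mode = len(data), uid, uid, mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit(archive: bytes, extracting_uid: int) -> list:
    """List regular-file members whose header carries a setuid or setgid bit."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:  # reads headers only; nothing is extracted
            suid = bool(member.mode & stat.S_ISUID)
            sgid = bool(member.mode & stat.S_ISGID)
            if member.isfile() and (suid or sgid):
                findings.append(Finding(member.name, member.uid,
                                        format(member.mode & 0o7777, "o"),
                                        suid, sgid, member.uid != extracting_uid))
    return findings

if __name__ == "__main__":
    for finding in audit(build_sample_archive(), extracting_uid=1000):
        print(finding)
```

A member reported with `owner_differs` set is one whose ownership a tar that restores recorded owners would have to change on extraction, which is the case the 'o' option discussed above avoids.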