Bugtraq mailing list archives
Re: tar preserves setuid bit
From: Sean Comeau <scomeau () cansecwest com>
Date: Fri, 5 Aug 2005 16:34:16 -0700
On Fri, Aug 05, 2005 at 12:52:50AM +0100, Imran Ghory wrote:
The default behaviour of tar under root is not to change ownership of the file to root. However owner information is extracted from the tar file, so a trivialy modified tar file can ensure the owner of the extracted files is the root user. This allows for the creation of arbitary setuid executable owned by the root user if the root user extracts the files from a malliciously crafted tar file.
So what? When using tar to make backups this is what you need. The default behavior of GNU tar (and others) not to change the ownership of extracted files to self when running as root is well documented. The only attack I see in your case is when the attacker is a local user who gives root a tar with a setuid root program in it and root untars it in a place where the attacker can run it. While I'm sure such situations exist, I think they are rare, entirely the fault of the admin, and not worth changing the default behavior of tar over.
Current thread:
- tar preserves setuid bit Imran Ghory (Aug 05)
- Re: tar preserves setuid bit Neil McKellar (Aug 09)
- Re: tar preserves setuid bit Imran Ghory (Aug 09)
- Re: tar preserves setuid bit Jeremy C. Reed (Aug 09)
- Re: tar preserves setuid bit Imran Ghory (Aug 09)
- Re: tar preserves setuid bit Sean Comeau (Aug 09)
- Re: GNU tar and the setuid bit David Watson (Aug 09)
- Re: GNU tar and the setuid bit David Watson (Aug 09)
- Re: tar preserves setuid bit Neil McKellar (Aug 09)