Bugtraq mailing list archives

Re: GNU tar and the setuid bit


From: David Watson <baikie () ehwhat freeserve co uk>
Date: Sat, 6 Aug 2005 16:22:48 +0100

On Friday 05 Aug 2005 12:52 am, Imran Ghory wrote:
If running as the root user tar restores the original permissions to
extracted files, this includes the setuid bit. No warning is given to
the user that this has happened.

The default behaviour of tar under root is not to change ownership of
the file to root. However owner information is extracted from the tar
file, so a trivially modified tar file can ensure the owner of the
extracted files is the root user.

This allows for the creation of arbitrary setuid executables owned by
the root user if the root user extracts the files from a maliciously
crafted tar file.

With GNU tar (which you seem to be referring to), using --no-same-permissions 
when extracting clears all of the setuid, setgid and sticky bits in addition 
to subtracting the umask (undocumented behaviour, but logical enough). It's 
advisable to use this along with -o when extracting random archives as root. 
(Although as I've just noticed, -o alone will turn any setuid executable into 
a setuid-root executable - now that *is* a bug!) Or of course, you could 
extract them as someone else ;)

It looks as if they're planning to make --no-same-permissions the default for 
root in future, but 'alias tar="tar --no-same-permissions"' does the trick 
for now, if you don't mind breaking the old-style option syntax (-p reenables 
the full permissions from the archive, of course).

(By the way, -o is broken in version 1.14 at least, but --no-same-owner 
works.)
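
A pre-extraction check for the situation discussed in this thread, added here as an example and not part of the original message: it lists archive members whose stored mode carries setuid, setgid or sticky bits and notes when a setuid member is recorded with uid 0. The function names and the in-memory sample archive are constructed for illustration, and mode_without_same_permissions() only models the --no-same-permissions behaviour as the message describes it.

```python
import io
import stat
import tarfile

SPECIAL = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX
LABELS = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))


def audit_tar(fileobj):
    """List members whose stored mode carries setuid, setgid or sticky bits."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            flags = [label for bit, label in LABELS if member.mode & bit]
            if not flags:
                continue
            # uid 0 in the header is what makes a setuid file root-owned
            # when ownership is restored from the archive.
            if member.uid == 0 and member.mode & stat.S_ISUID:
                flags.append("owner uid 0")
            findings.append((member.name, oct(member.mode), flags))
    return findings


def mode_without_same_permissions(mode, umask):
    """Model of --no-same-permissions as described in the message:
    special bits cleared, umask subtracted."""
    return mode & ~SPECIAL & ~umask & 0o777


def build_sample():
    """Constructed sample archive, built in memory (hypothetical names)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name, mode, uid, kind in (
            ("pkg/README", 0o644, 1000, tarfile.REGTYPE),
            ("pkg/bin/helper", 0o4755, 0, tarfile.REGTYPE),
            ("pkg/spool", 0o1777, 1000, tarfile.DIRTYPE),
        ):
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.type = mode, uid, kind
            archive.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, mode, flags in audit_tar(build_sample()):
        print(f"{mode:>8}  {name}  ({', '.join(flags)})")
```

Running audit_tar() on an untrusted archive before extracting it as root shows which members would need --no-same-permissions and --no-same-owner to come out without special bits or archive-supplied ownership.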

