Bugtraq mailing list archives

Re: GNU tar and the setuid bit

From: David Watson <baikie () ehwhat freeserve co uk>
Date: Sun, 7 Aug 2005 00:11:45 +0100

On Saturday 06 Aug 2005 4:22 pm, David Watson wrote:

(By the way, -o is broken in version 1.14 at least, but --no-same-owner
works.)


Sorry, I just noticed that that last comment was entirely misleading! In all 
versions, using --no-same-owner without --no-same-permissions *will* cause 
the setuid and setgid bits to be preserved even where the owner or group has 
been changed to root (i.e. where a different UID or GID was specified in the 
archive), as will using -o (in 1.15) without --no-same-permissions. The -o 
option is 'broken' in 1.14 (and possibly in earlier versions) in that it 
simply fails to enable the intended behaviour (in fact it enables the exact 
opposite, being equivalent to --same-owner).

Current thread:

tar preserves setuid bit Imran Ghory (Aug 05)
- Re: tar preserves setuid bit Neil McKellar (Aug 09)
  - Re: tar preserves setuid bit Imran Ghory (Aug 09)
    - Re: tar preserves setuid bit Jeremy C. Reed (Aug 09)
- Re: tar preserves setuid bit Sean Comeau (Aug 09)
- Re: GNU tar and the setuid bit David Watson (Aug 09)
  - Re: GNU tar and the setuid bit David Watson (Aug 09)