[1422] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: GNU tar vulnerability

daemon@ATHENA.MIT.EDU (Martinez ; Sylvain - BSc Mo)
Tue Feb 4 16:51:07 1997

Date: Mon, 3 Feb 1997 20:14:09 +0000 (GMT)
From: "Martinez ; Sylvain        - BSc Mod Comp" <R903633@tees.ac.uk>
To: linux-security@redhat.com
In-Reply-To: <Pine.SUN.3.91.970125092857.2166D-100000@whopper.air.net.au>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Sat, 25 Jan 1997, Ben Elliston wrote:

>         to create a tar file of the directory ~/files.  Inside the
>         subdirectory, place a copy of /bin/bash and, as fred, make
>         the program setuid fred (the mode 4755 works well).
> 
>         Set the tar file to someone on machine B where the user "fred"
>         does not exist and have them unpack the directory somewhere.
>         Since "fred" does not exist on machine B and gtar is being
>         run as root, you have created a world-executable setuid-root
>         shell.

Well, I've tried on Linux and HPUX, and when you do : tar xvf file.tar
all the files have got the ID of the user who have done the tar command.
 
Do I miss something ?

Anyway, it seems to be normal, you can't put your home linux root shell on
a disk and then after mount the disk on an other Linux system as a
normal user and run your root shell ...

Best regards,
Sylvain.

---LINUX---LINUX---LINUX---LINUX---LINUX---LINUX---LINUX---LINUX---
MARTINEZ Sylvain
BSc in Computer Science (University of Teesside, UK)
Passion: Cryptography and Network Security
r903633@tees.ac.uk
http://www.asi.fr/~martinez


home help back first fref pref prev next nref lref last post