[1422] in linux-security and linux-alert archive
[linux-security] Re: GNU tar vulnerability
daemon@ATHENA.MIT.EDU (Martinez ; Sylvain - BSc Mo)
Tue Feb 4 16:51:07 1997
Date: Mon, 3 Feb 1997 20:14:09 +0000 (GMT)
From: "Martinez ; Sylvain - BSc Mod Comp" <R903633@tees.ac.uk>
To: linux-security@redhat.com
In-Reply-To: <Pine.SUN.3.91.970125092857.2166D-100000@whopper.air.net.au>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Sat, 25 Jan 1997, Ben Elliston wrote:
> to create a tar file of the directory ~/files. Inside the
> subdirectory, place a copy of /bin/bash and, as fred, make
> the program setuid fred (the mode 4755 works well).
>
> Set the tar file to someone on machine B where the user "fred"
> does not exist and have them unpack the directory somewhere.
> Since "fred" does not exist on machine B and gtar is being
> run as root, you have created a world-executable setuid-root
> shell.
Well, I've tried on Linux and HPUX, and when you do : tar xvf file.tar
all the files have got the ID of the user who have done the tar command.
Do I miss something ?
Anyway, it seems to be normal, you can't put your home linux root shell on
a disk and then after mount the disk on an other Linux system as a
normal user and run your root shell ...
Best regards,
Sylvain.
---LINUX---LINUX---LINUX---LINUX---LINUX---LINUX---LINUX---LINUX---
MARTINEZ Sylvain
BSc in Computer Science (University of Teesside, UK)
Passion: Cryptography and Network Security
r903633@tees.ac.uk
http://www.asi.fr/~martinez