[1440] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] about GNU tar

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Feb 6 11:42:49 1997

To: linux-security@redhat.com
Date: Wed, 05 Feb 1997 09:51:04 -0500
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


It seems that a lot of people think that the problem with preserving
permissions is not a 'misconfiguration'. Okay, let me say what I really
think about it - it is a user error and a solution to that is to replace a
user and press 'enter'. Seriously, if you are _already_ root on a system
than system should not try to prevent you from doing stupid things. You are
_god_. What is the difference between the problem with GNU tar and execution
of a script that copies a shell into /tmp, makes it suid to root? NONE! If
you are root, there is _no_ good reason to untar a file onto a filesystem
which is accessible to users that allows suid programs to be run from. If
you insist on doing that, it is up to you to squash the suid bit. 

Alex


home help back first fref pref prev next nref lref last post