Bug#144571: dpkg-source invokes tar without --no-same-owner

Thu, 25 Apr 2002 19:50:02 -0500 

Package: dpkg-dev
Version: 1.9.20

Hi,

when extracting tar files, --no-same-owner is the default for everyone
except root.  This means that dpkg-source -x used as root will produce
more or less random uids/gids on the files and directories it extracts.

ulysses:/pngtest# /usr/bin/dpkg-source~ -x libpng_1.0.12-3.dsc
dpkg-source~: extracting libpng in libpng-1.0.12
ulysses:/pngtest# ls -ld libpng-1.0.12
drwxr-xr-x    6 620      96           4096 26. Apr 02:26 libpng-1.0.12/

This is obviously bad.  The below patch fixes that, it has the problem
however that it requires GNU tar.  This might be a problem for the BSD
people.  However, the only more portable solution would be to create a
directory only accessible by root, extracting there, and then do a
chown -R root.root (the intermediate directory is necessary to protect the
files from the random user like 620 above while unpacking).

The severity of this bug is arguably grave, as it is a potential
security leak, if root isn't extremely careful when using dpkg-source (eg,
using a protected directory to build in itself etc).  However, for me the
aspect that the uids/gids are bogus is much more important than the
potential security leak (as it leads to packages containing files with those
ids on the Hurd, which is indeed another bug).

I will also look into why tar thinks it should create files with those funny
numbers in the first place.  However, even when this is fixed dpkg-source
needs this change, as the user/group name in the tar file could match a system
account name by accident.

Thanks,
Marcus

2002-04-26  Marcus Brinkmann <[EMAIL PROTECTED]>

        * scripts/dpkg-source.pl: Invoke tar with --no-same-owner to fix ids
        when unpacking as root.

--- dpkg-source.pl~     Sun Mar 17 10:54:01 2002
+++ dpkg-source.pl      Fri Apr 26 02:22:13 2002
@@ -963,7 +963,7 @@
         open(STDIN,"<&GZIP") || &syserr("reopen gzip for tar -xkf -");
         &cpiostderr;
         chdir("$dirchdir") || &syserr("cannot chdir to \`$dirchdir' for tar 
extract");
-        exec('tar','-xkf','-'); &syserr("exec tar -xkf -");
+        exec('tar','--no-same-owner','-xkf','-'); &syserr("exec tar -xkf -");
     }
     close(GZIP);
     $c2 == waitpid($c2,0) || &syserr("wait for tar -xkf -");


-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org [EMAIL PROTECTED]
Marcus Brinkmann              GNU    http://www.gnu.org    [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to