> > This isn't true; tar can request to not set the ownership, it can just > extract the files and leave permissions and ownership alone. > If that were the case, hacking a system would be trivially easy: get a user login process, untar a pre-made tar ball with setuid root scripts in it, elevate privileges. One of the basic tenets of the Unix security model is that a non-root process can only create files with the same ownership as that process is running as; further, a process can not "give away" ownership of a file.
P. _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... http://mail.gnome.org/mailman/listinfo/evolution-list
