On Thu, 1 Aug 2002, Maxim Sobolev wrote: > Maxim Sobolev wrote: > > > > Maxim Sobolev wrote: > > > > > > Bruce Evans wrote: > > > > > > > > Revs.1.2-1.3 of tar/src/extract.c break pkg_add (not to mention probably > > > > thousands of user scripts that are no more careful than pkg_add) in > > > > -current and RELENG_4: > > > > > > Are you sure? My own investigation at the time of the commit showed
Oops, apparently not ... > > > that old tar shipped with FreeBSD, was adjusting permissions of > > > extracting files when running as uid 0 according to current umask > > > settings, so that IMO 1.2-1.3 actually restored POLA, not broke it. > > OK, further investigation shows that the problem is likely that unlike > the old one, the new tar doesn't preserve suid/sgid bits on > extraction, and it is what probably needs to be fixed instead. > > > > > Need evidence? Here it is: > > ... Sorry, I didn't test it at runtime. I don't really like either changing the Gnu/historical behaviour for root or preserving set*id bits while not preserving other attributes, but since this seems have 10 years of precedence in FreeBSD it doesn't break POLA. Bruce To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
