Agree, thanks for your solution!
Will this solution be part of upstream code in near future ?
Thanks.
Ondrej
On Mon, Feb 8, 2021 at 5:06 PM Sergey Poznyakoff wrote:
> FWIW, I'd rather propose something like that:
>
> diff --git a/lib/system.h b/lib/system.h
> index e7f531c..dffab86 100644
> -
Hi Ondrej,
> Tar does not attempt to initialize supplementary groups when dropping
> privileges.
Indeed, it does not. However doing it the way you propose is of little
practical value, because the caller might as well set the USER variable
to any other user in order to obtain that user's privile
FWIW, I'd rather propose something like that:
diff --git a/lib/system.h b/lib/system.h
index e7f531c..dffab86 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -470,19 +470,37 @@ char *getenv ();
#if MSDOS
# include
# define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
# define ERRNO_IS_EACCES e
Gentle ping.
Patch available. Tar does not attempt to initialize supplementary groups
when dropping privileges. Also according to this
https://wiki.sei.cmu.edu/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
git should be reseted before uid.
diff --gi
When tar executes remote command for remote archive (by default
/usr/bin/ssh), it calls sys_reset_uid_gid in rmt_open__ in forked
child right before execl. So it seems like the intent in
set-uid/set-gid situations is to run the remote command with the
privileges of the invoking user, not with the e
