Re: tar preserves setuid bit

To: Imran Ghory <imranghory@xxxxxxxxx>
Subject: Re: tar preserves setuid bit
From: "Jeremy C. Reed" <reed@xxxxxxxxxxxxx>
Date: Tue, 9 Aug 2005 09:12:02 -0700 (PDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <7389fc4b05080514583061f7fb@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <7389fc4b05080416526bee4bd3@xxxxxxxxxxxxxx> <1123277644.42f3db4c4ef9f@xxxxxxxxxxxxxxxxxxxxxxx> <7389fc4b05080514583061f7fb@xxxxxxxxxxxxxx>
Sender: "Jeremy C. Reed" <reed@xxxxxxxxxxxxxxxxxxxxxx>

On Fri, 5 Aug 2005, Imran Ghory wrote:

I'm not saying that it shouldn't have the behaviour, rather that it
should warn the user.

Howeber the only reason I posted this "bug" was because a number of
unix/linux vendors have decided that the same issue in unzip (which I
cited earlier : CAN-2005-0602) should be considered a vulnerability
and have issued patches to change the behaviour. Hence they may (or
may not) decide to take similar action with tar,

I thought this was a little different. According to unzip advisory, normalunzip does this behaviour. But with tar you usually use the -p switch --so you have to make a simple effort to do the setuid/setgid. Also you'dneed to be root to set it to setuid.


It is not documented well in the gtar manual page:

         -p, --same-permissions, --preserve-permissions
              extract all protection information

But then I read GNU tar-1.15.1 README which says:

 About *security*, it is probable that future releases of `tar' will have
 some behavior changed.  There are many pending suggestions to choose  from.
 Today, extracting an archive not being `root', `tar' will restore  suid/sgid
 bits on files but owned by the extracting user.  `root' automatically gets
 a lot of special privileges, `-p' might later become required to get them.

I tested and as root it did automatically preserve the setuid and I wassurprised by this behaviour as I had always used -p switch before.


The man page for tar from NetBSD (not gtar) says:

   -p, --preserve-permissions, --preserve
               Preserve user and group ID as well as file mode regardless
               of the current umask(2).  The setuid and setgid bits are
               only preserved if the user is the superuser.  Only meaning-
               ful in conjunction with the -x flag.

With NetBSD's tar you are required to use the -p switch.

I don't know when GNU tar changed -- or maybe I had always used somepatched GNU tar that forced this -- but maybe it should expect -p also.


 Jeremy C. Reed

                         BSD News, BSD tutorials, BSD links
                         http://www.bsdnewsletter.com/

References:
- tar preserves setuid bit
  - From: Imran Ghory
- Re: tar preserves setuid bit
  - From: Neil McKellar
- Re: tar preserves setuid bit
  - From: Imran Ghory

Prev by Date: iDEFENSE Security Advisory 08.09.05: AWStats ShowInfoURL Remote Command Execution Vulnerability
Next by Date: BID 14355, VERITAS NetBackup 5.1 Time Stamp Vulnerability
Previous by thread: Re: tar preserves setuid bit
Next by thread: Re: tar preserves setuid bit
Index(es):
- Date
- Thread