[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] tar 1.23 Solaris regression
|
From: |
Paul Eggert |
|
Subject: |
Re: [Bug-tar] tar 1.23 Solaris regression |
|
Date: |
Mon, 02 Aug 2010 14:36:23 -0600 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6 |
On 08/02/10 12:28, Eric Blake wrote:
> since tar does have the likelihood
> of creating children, yes, it should play nicely and restore privileges
> before exec()ing.
Yes, that makes sense. However, the proposed patch isn't quite
right, since it restores PRIV_SYS_LINKDIR even if the user had
removed that privilege before invoking 'tar'.
I see now that GNU tar has the same bug in the other place that
it restores the privilege temporarily; that should be fixed too.
Furthermore, in that other area there is a race condition if
a signal arrives while privileges are temporarily restored; that
bug should also be fixed.
One other thing. GNU tar calls priv_set_remove_linkdir once in main,
and once in extract_archive. Surely the latter call is
redundant and can be removed.
- [Bug-tar] tar 1.23 Solaris regression, Petr Sumbera, 2010/08/02
- Re: [Bug-tar] tar 1.23 Solaris regression, David Bartley, 2010/08/02
- Re: [Bug-tar] tar 1.23 Solaris regression, Eric Blake, 2010/08/02
- Re: [Bug-tar] tar 1.23 Solaris regression, Petr Sumbera, 2010/08/10
- Re: [Bug-tar] tar 1.23 Solaris regression, David Bartley, 2010/08/10
- Re: [Bug-tar] tar 1.23 Solaris regression, Petr Sumbera, 2010/08/10
- Re: [Bug-tar] tar 1.23 Solaris regression, David Bartley, 2010/08/10