Re: bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)

From: Tim Kientzle <kientzle_at_freebsd.org>
Date: Sat, 21 Aug 2004 14:24:01 -0700
Kris Kennaway wrote:
> 
> ....can't you make it just not clear
> permissions on files and directories that already exist?  If they have
> relaxed or insecure permissions, they had insecure permissions to
> begin with and one may assume this is by intention.

And, conversely, if they had restricted permissions, then we
can assume that was by intention and we shouldn't loosen
them. <sigh>  That makes the current behavior actually less secure
than it should be, doesn't it?

Try the attached and let me know if that fixes it.

Tim

Index: archive_read_extract.c
===================================================================
RCS file: /home/ncvs/src/lib/libarchive/archive_read_extract.c,v
retrieving revision 1.33
diff -u -r1.33 archive_read_extract.c
--- archive_read_extract.c	7 Aug 2004 03:09:28 -0000	1.33
+++ archive_read_extract.c	21 Aug 2004 21:21:27 -0000
_at__at_ -479,7 +479,7 _at__at_
 	if (extract->pst != NULL) {
 		extract->pst = &extract->st;
 		if (S_ISDIR(extract->pst->st_mode))
-			goto success;
+			return (ARCHIVE_OK);
 		/* It exists but isn't a dir. */
 		if ((flags & ARCHIVE_EXTRACT_UNLINK))
 			unlink(path);
Received on Sat Aug 21 2004 - 19:24:03 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:07 UTC