Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!newstop!texsun!letni!mic!convex!convex.COM
From: tchrist@convex.COM (Tom Christiansen)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Message-ID: <110091@convex.convex.com>
Date: 9 Dec 90 03:37:29 GMT
References: <658@silence.princeton.nj.us> <110064@convex.convex.com> <660691624.18045@mindcraft.com>
Sender: usenet@convex.com
Reply-To: tchrist@convex.COM (Tom Christiansen)
Organization: CONVEX Software Development, Richardson, TX
Lines: 26

In article <660691624.18045@mindcraft.com> karish@mindcraft.com (Chuck Karish) writes:
>The tar and cpio utilities on systems with privileged chown() should
>restore files and directories with the extractor's ID as owner, unless
>done with superuser privileges.  

Yes, but what happens where chown is not privileged?  

    % mkdir foo
    % touch foo/bar
    % chown somebody_else foo/bar foo

Now how do I get rid of that stuff?

>How should permissions be set on extraction from an archive?  Should
>setuid bits be honored?

I tend to prefer them to be maintained, even if it does seem to 
invite mischief.  It makes it hard to copy directories around 
otherwise.  I once tried to disable this and found it sure broke
a lot of things.  

--tom
--
Tom Christiansen		tchrist@convex.com	convex!tchrist
"With a kernel dive, all things are possible, but it sure makes it hard
 to look at yourself in the mirror the next morning."  -me