Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!amdcad!ames!pacbell!hoptoad!peora!rtmvax!bilver!bill
From: bill@bilver.UUCP (Bill Vermillion)
Newsgroups: comp.unix.microport
Subject: Re: Security hole in tar on Microport
Message-ID: <287@bilver.UUCP>
Date: 4 Nov 88 02:32:10 GMT
References: <226@sea375.UUCP> <10750@ico.ISC.COM>
Reply-To: bill@bilver.UUCP (Bill Vermillion)
Organization: W. J. Vermillion, Winter Park, FL
Lines: 28

In article <10750@ico.ISC.COM+ rcd@ico.ISC.COM (Dick Dunn) writes:
+In article <226@sea375.UUCP>, dave@sea375.UUCP (David A. Wilson) writes:
+> I have a problem with using tar on microport. I created a tar floppy
+> on a system as an unpriviledged user. When I extracted the floppy on
+> another system running Microport System V/AT version 2.3 all the files
+> extracted were owned by the userid of the other system...

+                                                              The assump-
+tion is that either you're running as root and you want to restore the
+original owners OR you're not root, the chowns will all fail, and you will
+end up owning the files.

You can NOT restore the original owners of a file tar'ed from one machine and
restored on another UNLESS the password files have the same identical user
numbers in both.  tar stores the files owner/group as numbers indexed into the
password file.   If john is 245 on the extract machine and mary is 245 on the
destination, mary will be the owner.

+If the receiving user doesn't exist (e.g., restoring from a tar archive on
+another machine), root has to help you.  (You can't delete the directory,
+even if it's within a directory you can write, because it isn't empty.  You
+can't empty it because you don't own it or the file within it.)
 
And the receiving user must have the same id number on both machines.

-- 
Bill Vermillion - UUCP: {uiucuxc,hoptoad,petsd}!peora!rtmvax!bilver!bill
                      : bill@bilver.UUCP