Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!labrea!rutgers!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!ut-emx!mybest!bigtex!james
From: james@bigtex.cactus.org (James Van Artsdalen)
Newsgroups: comp.unix.microport
Subject: Re: Security hole in tar on Microport
Message-ID: <10354@bigtex.cactus.org>
Date: 8 Nov 88 04:13:16 GMT
References: <226@sea375.UUCP> <10750@ico.ISC.COM> <287@bilver.UUCP>
Reply-To: james@bigtex.cactus.org (James Van Artsdalen)
Organization: Institute of Applied Cosmology, Austin TX
Lines: 17

In <287@bilver.UUCP>, bill@bilver.UUCP (Bill Vermillion) wrote:

> You can NOT restore the original owners of a file tar'ed from one
> machine and restored on another UNLESS the password files have the
> same identical user numbers in both.

This is not necessarily true with modern tar programs.

> tar stores the files owner/group as numbers indexed into the password
> file.

POSIX compatible tar stores the user and group name as ASCII in
addition to the number, and will restore to the user name if possible.
I'm using a somewhat modified version of John Gilmore's tar, which was
posted some time ago.
-- 
James R. Van Artsdalen      james@bigtex.cactus.org      "Live Free or Die"
Home: 512-346-2444 Work: 338-8789       9505 Arboretum Blvd Austin TX 78759