Security hole in tar on Microport
James Van Artsdalen
james at bigtex.cactus.org
Tue Nov 8 14:13:16 AEST 1988
In <287 at bilver.UUCP>, bill at bilver.UUCP (Bill Vermillion) wrote:
> You can NOT restore the original owners of a file tar'ed from one
> machine and restored on another UNLESS the password files have the
> same identical user numbers in both.
This is not necessarily true with modern tar programs.
> tar stores the files owner/group as numbers indexed into the password
> file.
POSIX compatible tar stores the user and group name as ASCII in
addition to the number, and will restore to the user name if possible.
I'm using a somewhat modified version of John Gilmore's tar, which was
posted some time ago.
--
James R. Van Artsdalen james at bigtex.cactus.org "Live Free or Die"
Home: 512-346-2444 Work: 338-8789 9505 Arboretum Blvd Austin TX 78759
More information about the Comp.unix.microport
mailing list