Security hole in tar on Microport
David A. Wilson
dave at sea375.UUCP
Sun Oct 30 07:51:14 AEST 1988
I have a problem with using tar on microport. I created a tar floppy
on a system as an unpriviledged user. When I extracted the floppy on
another system running Microport System V/AT version 2.3 all the files
extracted were owned by the userid of the other system. I was logged
on to microport as an unpriviledged user and expected the files to
be owned by me, what a surprize! I did not use the 'p' option on tar
and the tar program is not setuid or setgid. How can this happen?
It seems like a rather large security hole to me! I have never seen
this behavior on other systems, so what's the problem with microport?
Are other utilities in microport allowed to do this also?
Concerned,
David A. Wilson
dave at sea375.UUCP
uw-beaver!tikal!slab!sea375!dave
--
David A. Wilson
uw-beaver!tikal!slab!sea375!dave
More information about the Comp.unix.microport
mailing list