LinuxQuestions.org
Old 10-12-2007, 11:45 AM   #1
Heiner
LQ Newbie
 
Registered: Sep 2006
Location: Fuerth, Germany
Distribution: FC6
Posts: 3

Rep: Reputation: 0
tar p vulnerability


Hi,

If I create a tarball on my Linux machine at home, containing an executable with root as owner and the sticky bit set, then I can still log in to a different Linux machine, where I don't have root permissions, and extract that executable using the p switch. That will preserve the root owner and the sticky bit, so that I gain control over that Linux.

Kind regards
Heiner
 
Old 10-12-2007, 11:50 AM   #2
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Comment Removed By Poster

Last edited by nomb; 10-12-2007 at 12:46 PM.
 
Old 10-12-2007, 12:11 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Heiner, the only way for untarred files to have root ownership is if you have root privileges when you untar them. BTW, if you were able to have root-owned files when untarring them as a non-root user, that would be an operating system vulnerability, not a tar one.
 
Old 10-13-2007, 04:14 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Warning

Quote:
Originally Posted by Heiner
That will preserve the root owner and the sticky bit, so that I gain control over that Linux.
You're obviously new here. Please read the LQ Rules because you border on violating the LQ Rules: "Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed." Feel free to contact me if you don't understand the LQ Rules.
 
Old 10-13-2007, 08:32 PM   #5
Heiner
LQ Newbie
 
Registered: Sep 2006
Location: Fuerth, Germany
Distribution: FC6
Posts: 3

Original Poster
Rep: Reputation: 0
I'm very sorry

Quote:
Originally Posted by unSpawn
You're obviously new here. Please read the LQ Rules because you border on violating the LQ Rules: "Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed." Feel free to contact me if you don't understand the LQ Rules.
Hi,

I am aware that the information that I posted can be used to crack a system. I intentionally posted in the security forum. But I want to help make software more secure. Sometimes it is necessary to talk about a vulnerability before someone else uses such a vulnerability when he has found out and not shared his knowledge. I want to give the OS programmers and the tar programmers a chance to think about the security of the p option.

kind regards
Heiner
 
Old 10-13-2007, 10:35 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by Heiner
I am aware that the information that I posted can be used to crack a system. I intentionally posted in the security forum.
Cracking information is not allowed on ANY of the LQ forums.

Quote:
But I want to help make software more secure. Sometimes it is necessary to talk about a vulnerability before someone else uses such a vulnerability when he has found out and not shared his knowledge. I want to give the OS programmers and the tar programmers a chance to think about the security of the p option.
If you find a security vulnerability in a program, the ethical first thing to do is to contact the developer in private - not go and post it on a public website. There is actually a de-facto standard order of steps to take in these cases, and it goes something like: 1) Notify developer. 2) Notify users. 3) Notify public. Google for vulnerability disclosure guidelines if you want details.

As a side note, I hope that by now you understand that something is definitely not right in your setup, and the "vulnerability" you are referring to might just mean that something is broken on your box. Or perhaps you haven't even tried to do it yet but you imagine it would work this way. I don't know. All I can tell you is that non-root users will not be able to have files untar with root permissions no matter how many sticky bits were set.

Having said that, I'm closing this thread because even though the vulnerability you speak of seems imaginary to me, the intention behind your post (to share information about what you believe really is a crack) is very real and it is not compatible with the LQ Rules, as has already been mentioned by unSpawn. Don't ever make this type of post again - consider this an official warning.

Last edited by win32sux; 10-13-2007 at 10:40 PM.
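
The behaviour win32sux describes in posts #3 and #6 can be checked directly on a test machine. The script below is an added example, not part of any post in this thread: it assumes GNU tar, and the function names and the `demo` file are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the owner recorded in a tar header with the owner
# of the file that "tar -xp" actually creates. Assumes GNU tar.

# Build a constructed archive whose header claims uid 0, gid 0, mode 4755.
# --owner/--group/--mode only rewrite the header, so no root is needed here.
make_archive() {            # $1 = scratch directory
    mkdir -p "$1/src" "$1/dst"
    printf 'constructed sample file\n' > "$1/src/demo"
    tar -C "$1/src" --owner=0 --group=0 --mode=4755 -cf "$1/demo.tar" demo
}

# Print the uid/gid pair stored in the archive header.
header_owner() {            # $1 = scratch directory
    tar --numeric-owner -tvf "$1/demo.tar" | awk '{print $2}'
}

# Extract with -p (preserve permissions) and print the numeric uid that
# owns the resulting file on disk.
extracted_owner() {         # $1 = scratch directory
    tar -C "$1/dst" -xpf "$1/demo.tar"
    ls -ln "$1/dst/demo" | awk '{print $3}'
}

work=$(mktemp -d)
make_archive "$work"
echo "header says uid/gid : $(header_owner "$work")"
echo "extracting as uid   : $(id -u)"
echo "file on disk uid    : $(extracted_owner "$work")"
# As a non-root user the last two lines match: the kernel does not let an
# unprivileged process give a file away to uid 0, so the file belongs to
# whoever ran tar. Any mode bits that survive therefore apply to that
# user's own uid, not to root. Only an extraction run as root yields uid 0.
rm -rf "$work"
```
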
 
  

