[BusyBox] Bug report: untarring setuid files with symbolic links to them
Ben Weintraub
benwei at veriwave.com
Sun Dec 21 01:06:50 UTC 2003
I have been experimenting with the busybox version of tar, trying to
find out why my the setuid bits on some of my files are not preserved,
while others are, and I think I have found the reason. It appears that
setuid files that have symbolic links to them don't get their setuid bit
preserved by bb tar, while GNU tar does preserve them.
I made a simple test case so I could see if this was really the issue.
I have a directory with some files in it like this:
-rwsr-sr-x 1 benwei benwei 12K Dec 20 16:44 hello
-rw-r--r-- 1 benwei benwei 111 Dec 20 16:44 hello.c
-rwsr-sr-x 1 benwei benwei 12K Dec 20 16:56 hello2
lrwxrwxrwx 1 benwei benwei 5 Dec 20 16:44 hithere -> hello
So as you can see, hello and hello2 are setuid executables. hithere is
a symbolic link to hello. hello.c is just a normal file. I made a
makefile which creates a tar archive of this directory using the
--preserve-permissions option, and then untars it with busybox tar and
GNU tar. Here is what happens:
mkdir ./gnutar
mkdir ./bb
tar --preserve-permissions -cvf ./dir.tar dir
dir/
dir/hello
dir/hello.c
dir/hithere
dir/hello2
tar -C ./gnutar --preserve-permissions -xvf ./dir.tar
dir/
dir/hello
dir/hello.c
dir/hithere
dir/hello2
./busybox tar -p -C ./bb -xvf ./dir.tar
dir
dir/hello
dir/hello.c
dir/hithere
dir/hello2
ls -lh ./gnutar/dir/hello
-rwsr-sr-x 1 benwei benwei 12K Dec 20 16:44
./gnutar/dir/hello
ls -lh ./gnutar/dir/hello2
-rwsr-sr-x 1 benwei benwei 12K Dec 20 16:56
./gnutar/dir/hello2
ls -lh ./bb/dir/hello
-rwxrwxrwx 1 benwei benwei 12K Dec 20 16:44 ./bb/dir/hello
ls -lh ./bb/dir/hello2
-rwsr-sr-x 1 benwei benwei 12K Dec 20 16:56 ./bb/dir/hello2
As you can see, both versions preserve the setuid bit on hello2, which
has no symbolic links to it. However, only GNU tar preserves the setuid
bit on hello, which does have a symbolic link to it.
--
Ben Weintraub <benwei at veriwave.com>
More information about the busybox
mailing list