[Buildroot] [PATCH] fs/tar: only store numeric uid/gid

Yann E. MORIN yann.morin.1998 at free.fr
Mon Feb 16 17:49:16 UTC 2015

If a target user is asigned a UID (e.g. 1000) that happens to also exist
on the build machine, tar will happily store the username for that user.

This can be seen by some as potential information disclosure.

Instruct tar to just store the numeric uid/gid.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>

Yes, there are so many other locations where we may have such
information disclosure. But this one is pretty easy to fix.
 fs/tar/tar.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/tar/tar.mk b/fs/tar/tar.mk
index 780827e..28219cf 100644
--- a/fs/tar/tar.mk
+++ b/fs/tar/tar.mk
@@ -7,7 +7,7 @@
-	tar -c$(TAR_OPTS)f $@ -C $(TARGET_DIR) .
+	tar -c$(TAR_OPTS)f $@ --numeric-owner -C $(TARGET_DIR) .
 $(eval $(call ROOTFS_TARGET,tar))

More information about the buildroot mailing list