[Buildroot] [PATCH] fs/tar: only store numeric uid/gid
thomas.petazzoni at free-electrons.com
Thu Feb 19 21:03:38 UTC 2015
Dear Yann E. MORIN,
On Mon, 16 Feb 2015 18:49:16 +0100, Yann E. MORIN wrote:
> If a target user is asigned a UID (e.g. 1000) that happens to also exist
> on the build machine, tar will happily store the username for that user.
> This can be seen by some as potential information disclosure.
> Instruct tar to just store the numeric uid/gid.
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
I hesitated a bit on this one, but I preferred to err on the safe side,
and therefore applied this patch to the 'next' branch.
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
More information about the buildroot