root+tar's '--same-owner --preserve' options

Robert Connolly robert at
Sat Mar 8 13:33:29 PST 2008

Hi. I just sent this to gnutar's mailing list:

This patch adds --disable-default-root-preserve to Tar, so root will not 
preserve file modes or ownership by default. The --same-owner and --preserve 
options still work. Root's umask is used by default.

This resolves a vulnerability in hlfs. Many packages extract with world 
writable directories and files, which are vulnerable to modification by any 
user on the host. Many packages extract with uid's which may exist on the 
host, making an unintended user the file's owner.

An alternative way of dealing with this would be 
using '--no-same-owner --no-same-permissions' whenever root run's tar. This 
is how almost everyone else deals with this. The patch is more straight 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the hlfs-dev mailing list