On 08/02/10 12:28, Eric Blake wrote:
> since tar does have the likelihood
> of creating children, yes, it should play nicely and restore privileges
> before exec()ing.

Yes, that makes sense. However, the proposed patch isn't quite right, since it restores PRIV_SYS_LINKDIR even if the user had removed that privilege before invoking 'tar'.

I see now that GNU tar has the same bug in the other place that it restores the privilege temporarily; that should be fixed too. Furthermore, in that other area there is a race condition if a signal arrives while privileges are temporarily restored; that bug should also be fixed.

One other thing. GNU tar calls priv_set_remove_linkdir once in main, and once in extract_archive. Surely the latter call is redundant and can be removed.
