On 08/02/10 22:36, Paul Eggert wrote:
On 08/02/10 12:28, Eric Blake wrote:
since tar does have the likelihood
of creating children, yes, it should play nicely and restore privileges
before exec()ing.
Yes, that makes sense. However, the proposed patch isn't quite
right, since it restores PRIV_SYS_LINKDIR even if the user had
removed that privilege before invoking 'tar'.
I don't think that PRIV_SYS_LINKDIR is added even if it wasn't there at
program start. See priv_set_restore() which is checking whether the
privilege was removed.
See the code from GNU tar 1.23:
http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/gtar/tar-1.23/gnu/priv-set.c#124
David, I see this is your code in priv-set.c. I think your comments for
priv_set_remove() and priv_set_restore() are not correct. The code looks
to me that it actually returns -1 for:
83 Returns 0 if ... or was not present in the effective set.
114 Returns 0 if ...
115 ... or if priv was already in the
116 effective set.
Petr
