From xemacs-m  Tue Apr  1 17:14:22 1997
Received: from newman (root@newman.aventail.com [199.238.236.1])
	by xemacs.org (8.8.5/8.8.5) with SMTP id RAA26192
	for <xemacs-beta@xemacs.org>; Tue, 1 Apr 1997 17:14:21 -0600 (CST)
Received: from kramer.in.aventail.com.aventail.com (wmperry@kramer [192.168.1.12]) by newman (8.6.12/8.6.9) with SMTP id OAA06912; Tue, 1 Apr 1997 14:41:34 -0800
Date: Tue, 1 Apr 1997 14:41:34 -0800
Message-Id: <199704012241.OAA06912@newman>
From: "William M. Perry" <wmperry@aventail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Steven L Baur <steve@miranova.com>
Cc: xemacs-beta@xemacs.org
Subject: Re: A security hole during XEmacs installation
In-Reply-To: <m2raguibri.fsf@altair.xemacs.org>
References: <kig7mipznnu.fsf@jagor.srce.hr>
	<m2raguibri.fsf@altair.xemacs.org>
X-Mailer: VM 6.22 under Emacs 19.34.1
Errors-to: wmperry@aventail.com
Reply-to: wmperry@aventail.com

Steven L Baur writes:
>Hrvoje Niksic writes:
>
>> When a user (e.g. `hniksic') compiles XEmacs, when root does a
>> `make install', many files are left in hniksic's ownership.  This
>> includes most (all?) of the lisp/ and etc/ directories.  This means
>> that the mentioned user can keep changing the site-wide stuff.
>> Looking back, I see that the bug has been there since before 19.14.
>
>> We may wish to fix it for 20.1, though.
>
>Yup.  I hadn't realized this before.  The badness comes from copying the
>lisp directories with tar instead of cp (presumably to preserve time
>stamps?).  How does one portably say `ignore file ownership' in tar?  GNU
>tar has --same-owner, Solaris has -o, SCO has -p.  Grrr.

  Give up.  I tried to do this for our web server install at spry ages
ago.  Resistance is futile.  Actually _GNU TAR_ doesn't have a way to turn
this behaviour _OFF_.  --same-owner is the default, and there is no switch
to turn it off.

  Best bet would be to: chown -R `whoami` lisp

  ??  But that doesn't deal with group crap.

-Bill P.
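
The condition described in this thread (files under the installed tree still owned by the build user, plus the group side that `chown -R` alone does not cover) can be checked after `make install` with portable `find` tests. This is an added example, not part of the original message or of the XEmacs build system; the function name `audit_install_tree` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit an installed tree for leftover build-user ownership.
# The function name and its arguments are hypothetical, not from XEmacs.
#
# audit_install_tree DIR OWNER [GROUP]
# Prints one line per offending path, prefixed with the reason:
#   owner  - not owned by OWNER (e.g. still owned by the user who compiled)
#   group  - not in GROUP (only checked when GROUP is given)
#   write  - writable by group or other
# Returns 0 when the tree is clean, 1 when anything was reported,
# 2 on a usage error.
#
# Example call (placeholder path): audit_install_tree /path/to/installed/lisp root
audit_install_tree() {
    dir=$1
    owner=$2
    group=${3:-}
    if [ -z "$dir" ] || [ -z "$owner" ] || [ ! -d "$dir" ]; then
        echo "usage: audit_install_tree DIR OWNER [GROUP]" >&2
        return 2
    fi
    report=$(
        # Anything a non-OWNER account owns can be rewritten by that account.
        find "$dir" ! -user "$owner" -print | sed 's/^/owner /'
        if [ -n "$group" ]; then
            find "$dir" ! -group "$group" -print | sed 's/^/group /'
        fi
        # Mode bits on symlinks are meaningless, so skip them.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/write /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Run it as the installing user against the installed lisp/ and etc/ directories; any `owner` line is a path the build account can still modify.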

