[Buildroot] [PATCH] fs/tar: only store numeric uid/gid
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Thu Feb 19 21:03:38 UTC 2015
Dear Yann E. MORIN,
On Mon, 16 Feb 2015 18:49:16 +0100, Yann E. MORIN wrote:
> If a target user is asigned a UID (e.g. 1000) that happens to also exist
> on the build machine, tar will happily store the username for that user.
>
> This can be seen by some as potential information disclosure.
>
> Instruct tar to just store the numeric uid/gid.
>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
I hesitated a bit on this one, but I preferred to err on the safe side,
and therefore applied this patch to the 'next' branch.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list