NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fs/tar: only store numeric uid/gid

Browse Source 
If a target user is asigned a UID (e.g. 1000) that happens to also exist
on the build machine, tar will happily store the username for that user.

This can be seen by some as potential information disclosure.

Instruct tar to just store the numeric uid/gid.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is contained in:
Yann E. MORIN 2015-02-16 18:49:16 +01:00 committed by Thomas Petazzoni
parent f290046f66
commit 66ee6dc872
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fs/tar/tar.mk
View File

@ -7,7 +7,7 @@
TAR_OPTS := $(call qstrip,$(BR2_TARGET_ROOTFS_TAR_OPTIONS))
define ROOTFS_TAR_CMD
tar -c$(TAR_OPTS)f $@ -C $(TARGET_DIR) .
tar -c$(TAR_OPTS)f $@ --numeric-owner -C $(TARGET_DIR) .
endef
$(eval $(call ROOTFS_TARGET,tar))