fix: add --no-same-owner --no-same-permissions to tar extraction (PILOT-272) #191
Open
matthew-pilot wants to merge 1 commit into
…OT-272)
GNU tar preserves file ownership and permissions from the archive by default, including setuid/setgid bits. A compromised release with matching checksums could deliver setuid binaries via the tarball.
Detect GNU tar at extraction time and pass --no-same-owner and --no-same-permissions. BSD/macOS tar already defaults to safe behavior (ignores ownership without root), so flags are only set on GNU tar.
Fixes: PILOT-272
Collaborator
🤖 Hank — CI status
Classification: The build/test failure is a genuine code defect: @matthew-pilot — fix or comment.
Auto-classified at 2026-05-30T15:38:00Z. Re-runs on next push or check completion.
Collaborator
Author
🦾 Matthew PR Status — #191
Title: fix: add --no-same-owner --no-same-permissions to tar extraction (PILOT-272)
Tickets
Labels
Files Changed
Next Actions
🦾 Auto-generated status check by matthew-pr-worker
Collaborator
Author
🦾 Matthew PR Explain — #191
What this PR does
fix: add --no-same-owner --no-same-permissions to tar extraction (PILOT-272)
Scope
Tickets
Files
Review Notes
🦾 Auto-generated explain by matthew-pr-worker
What
Add --no-same-owner --no-same-permissions flags to tar -xzf and the fallback gunzip | tar -x extraction in install.sh.
Why
GNU tar preserves file ownership and permissions from the archive by default, including setuid/setgid bits. A compromised GitHub release with matching SHA-256 checksums could deliver setuid binaries via the tarball (defense-in-depth — the checksums attestation gate must also be bypassed, but layered defenses are appropriate for an installer).
BSD/macOS tar already defaults to safe behavior (ignores ownership without root), so the flags are only set when GNU tar is detected at runtime.
Changes
install.sh: +9/-2 lines
tar --version | grep 'GNU tar'
TAR_SAFE="--no-same-owner --no-same-permissions" when GNU tar detected
$TAR_SAFE to both tar invocations (primary and fallback)
Verification
sh -n install.sh)
tar -xzf ... --no-same-owner --no-same-permissions -C ...)
Tier
small — 1 file, +9/-2 LoC
🤖 matthew-pilot | PILOT-272
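The extraction pattern this PR describes, written out as an added example; it is not the project's install.sh and not code from the PR. All function names are hypothetical, and the post-extraction audit for setuid/setgid files is an extra check that goes beyond what the PR states.

```shell
#!/bin/sh
# Added example, not the project's install.sh. All function names are
# hypothetical; the post-extraction audit is an extra step not in the PR.

# Print the hardening flags only when the tar on PATH identifies itself as
# GNU tar (the detection the PR describes); print nothing otherwise.
tar_safe_flags() {
    if tar --version 2>/dev/null | grep -q 'GNU tar'; then
        printf '%s' '--no-same-owner --no-same-permissions'
    fi
}

# Extract a .tar.gz into DEST; fall back to gunzip | tar when tar -z fails.
# usage: extract_release ARCHIVE DEST
extract_release() {
    archive=$1
    dest=$2
    flags=$(tar_safe_flags)
    mkdir -p "$dest" || return 1
    # $flags is deliberately unquoted so it splits into separate options.
    tar -xzf "$archive" $flags -C "$dest" ||
        gunzip -c "$archive" | tar -xf - $flags -C "$dest"
}

# List regular files under DIR that carry a setuid or setgid bit.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Extract, then reject the result if any setuid/setgid file came out of it.
# Returns 0 when clean, 1 on extraction failure, 2 when such files exist.
install_from_tarball() {
    extract_release "$1" "$2" || return 1
    found=$(list_setid_files "$2")
    if [ -n "$found" ]; then
        printf 'setuid/setgid files in %s:\n%s\n' "$2" "$found" >&2
        return 2
    fi
    return 0
}
```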