Patch-ID# 101072-02 Keywords: data, non-relate, tarfile, block, security, tape, malloc, dd, tar, Synopsis: SunOS 4.1.1;4.1.2;4.1.3: Non-related data filled the last block tarfile Date: Mar/30/94 Solaris Release: 1.1 SunOS release: 4.1.1, 4.1.2, 4.1.3, 4.1.3C Unbundled Product: Unbundled Release: Architectures for which this patch is available: sun3 and sparc BugId's fixed with this patch: 1095930 1134350 Changes incorporated in this version: Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: 101634 Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/tar Note: The tar executables provided with this patch are suitable for all 4.x releases of SunOS. Problem Description: 1134350 : tar fills out the last block of a tarfile with non-related data Tar may fill out the last block of a file with data from a file or a directory. This could, for some sites, present a security issue relating to restricted data or filenames. 1095930 : tar xvpf does not restore the original ownerships on symbolic links When 'tar xvp' restores a symbolic link, the ownerships of the symbolic link file become the same as the process running tar. Patch Installation Instructions: Login as root. mv /usr/bin/tar /usr/bin/tar.FCS cp `arch`/tar /usr/bin/tar chown root.staff /usr/bin/tar chmod 755 /usr/bin/tar