Here is the deal, I have a user called backup. Backup is a normal user, except he has a SUID tar file used to back up the system. I discovered that anyone can remove the file owned by root if it was created with SUID tar. Example at: http://forums.gentoo.org/viewtopic.php?t=229445 Granted SUID is not the most secure way of doing things, but files created with the SUID binary should not be able to be removed by non root users since they are owned by root and have 0644 mode.

Reproducible: Always

Steps to Reproduce:
1. Create an archive using SUID tar.
2. As a normal user
3. Remove the file owned by root as the normal user.

Actual Results: The file can be removed.

Expected Results: Files created with the SUID binary should not be able to be removed by non root users since they are owned by root and have 0644 mode.

$ qpkg -I -v coreutils
sys-apps/coreutils-5.2.1 *
$ qpkg -I -v tar
app-arch/tar-1.14 *
We can't do anything about this. If a directory is writeable by a user, he is able to delete files in that directory regardless of whether he has write access to the file. A solution is to set the sticky bit on that directory, like it's done with /tmp. This allows users only to delete files they own themselves. root is able to delete any file.
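The unlink rule described in the comment above, as an added example that is not part of the original bug report: a small Python model of when a given user may remove a file from a directory, run against the report's scenario (a root-owned 0644 archive in a shared backup directory, with and without the sticky bit). The backup user's uid/gid of 1001 and the directory modes are constructed assumptions.

```python
import stat

# Constructed scenario from the report: a "backup" user (uid/gid 1001 assumed)
# and a root-owned 0644 archive written by SUID tar into a shared directory.
BACKUP_UID, BACKUP_GID = 1001, 1001
ROOT_UID, ROOT_GID = 0, 0


def can_unlink(uid, gid, dir_mode, dir_uid, dir_gid, file_uid):
    """Return True if `uid` may unlink a file from the given directory.

    Models the classic Unix rule: unlink needs write + search permission on
    the *directory*; the file's own mode and owner are irrelevant, unless the
    directory carries the sticky bit, in which case the caller must own either
    the file or the directory. root bypasses the check entirely.
    """
    if uid == ROOT_UID:
        return True
    # Pick the permission class (owner / group / other) that applies to the caller.
    if uid == dir_uid:
        bits = (dir_mode & stat.S_IRWXU) >> 6
    elif gid == dir_gid:
        bits = (dir_mode & stat.S_IRWXG) >> 3
    else:
        bits = dir_mode & stat.S_IRWXO
    if bits & 0o3 != 0o3:  # need both write (0o2) and search/exec (0o1) on the dir
        return False
    if dir_mode & stat.S_ISVTX:  # sticky bit: only the file or directory owner may unlink
        return uid == file_uid or uid == dir_uid
    return True


if __name__ == "__main__":
    cases = [
        ("world-writable dir, root-owned file", 0o777, ROOT_UID),
        ("same dir with sticky bit, root-owned file", 0o1777, ROOT_UID),
        ("sticky dir, backup's own file", 0o1777, BACKUP_UID),
        ("dir not writable by others", 0o755, ROOT_UID),
    ]
    for label, mode, owner in cases:
        ok = can_unlink(BACKUP_UID, BACKUP_GID, mode, ROOT_UID, ROOT_GID, owner)
        print(f"{label:45s} dir={mode:05o} backup can unlink: {ok}")
```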
that's just how unix permissions work
A suid tar is not really a good idea either, in fact it's a pretty bad idea. What if a local attacker on your box were to just tar zxvf etc_shadow.tgz -C / and add (him|her)self to root via unpacking.