diff --git a/kittens/diff/main.go b/kittens/diff/main.go
index 25ba00070..a54dec119 100644
--- a/kittens/diff/main.go
+++ b/kittens/diff/main.go
@@ -88,7 +88,7 @@ func get_ssh_file(hostname, rpath string) (string, error) {
 		return "", fmt.Errorf("Failed to ssh into remote host %s to get file %s with error: %w", hostname, rpath, err)
 	}
 	tf := tar.NewReader(bytes.NewReader(stdout))
-	count, err := utils.ExtractAllFromTar(tf, tdir)
+	count, err := utils.ExtractAllFromTar(tf, tdir, utils.TarExtractOptions{DontPreserveSuidAndSgid: true})
 	if err != nil {
 		return "", fmt.Errorf("Failed to untar data from remote host %s to get file %s with error: %w", hostname, rpath, err)
 	}
diff --git a/tools/utils/tar.go b/tools/utils/tar.go
index 899707000..2c36ed023 100644
--- a/tools/utils/tar.go
+++ b/tools/utils/tar.go
@@ -18,6 +18,7 @@ var _ = fmt.Print
 
 type TarExtractOptions struct {
 	DontPreservePermissions bool
+	DontPreserveSuidAndSgid bool
 }
 
 func volnamelen(path string) int {
@@ -189,6 +190,9 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
 	set_metadata := func(chmod func(mode fs.FileMode) error, hdr_mode int64) (err error) {
 		if !opts.DontPreservePermissions && chmod != nil {
 			perms := mode(hdr_mode)
+			if opts.DontPreserveSuidAndSgid {
+				perms = perms &^ (os.ModeSetuid | os.ModeSetgid)
+			}
 			if err = chmod(perms); err != nil {
 				return err
 			}