Full Disclosure mailing list archives

Re: GNU tar directory traversal

From: Siim Põder <windo () p6drad-teel net>
Date: Wed, 22 Nov 2006 19:12:09 +0200

Yo!

virus () nolog org wrote:

Siim Põder wrote:

That has little to do with the actual vulnerability, hasn't it? It's a
possible workaround though, so that's great.

that's not a workaround. tar is supposed to overwrite files. If you
don't want that behavior, use "-w".


But not outside cwd or another directory specified by the -C option.
Agreed? Great.

Siim Põder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

GNU tar directory traversal Teemu Salmela (Nov 21)
- <Possible follow-ups>
- Re: GNU tar directory traversal Jeb Osama (Nov 21)
  - Re: GNU tar directory traversal Gouki (Nov 21)
  - Re: GNU tar directory traversal Teemu Salmela (Nov 22)
  - Re: GNU tar directory traversal Siim Põder (Nov 22)
    - Re: GNU tar directory traversal Teemu Salmela (Nov 22)
    - Re: GNU tar directory traversal virus (Nov 22)
    - Re: GNU tar directory traversal Siim Põder (Nov 22)
    - Re: GNU tar directory traversal virus (Nov 22)
    - Re: GNU tar directory traversal Siim Põder (Nov 22)
    - Re: GNU tar directory traversal virus (Nov 23)
    - Re: GNU tar directory traversal virus (Nov 23)
- Re: GNU tar directory traversal Jeb Osama (Nov 22)