Full Disclosure mailing list archives
Re: UNIX Tar Security Advisory from TEAM PWN4GE
From: Valdis.Kletnieks () vt edu
Date: Wed, 02 Feb 2005 23:12:07 -0500
On Wed, 02 Feb 2005 23:18:12 +0100, Volker Tanger said:
Alternatively the TAR binary might be SUID'ed, which is A Bad Idea(TM), too - which are all SUID'ed programs that can write to arbitrary locations...
And in the prehistoric dawn of the computer era, about 15 years ago, IBM made one of the first RISC-based systems, the RT. One of the operating systems available for it was AIX 2.2 (a SYSV port, which came out before AIX 1.2 for the x86 family of PS/2 boxes), which indeed shipped with a setuid /bin/tar. First time I saw that, I said to myself "Damn, I've been hax0red". Then I re-installed tar from the original system media - and promptly wished it had in fact been a trojaned binary.