Full Disclosure mailing list archives

Re: UNIX Tar Security Advisory from TEAM PWN4GE

From: Valdis.Kletnieks () vt edu
Date: Wed, 02 Feb 2005 23:12:07 -0500

On Wed, 02 Feb 2005 23:18:12 +0100, Volker Tanger said:

Alternatively the TAR binary might be SUID'ed, which is A Bad Idea(TM),
too - which are all SUID'ed programs that can write to arbitrary
locations...


And in the prehistoric dawn of the computer era, about 15 years ago, IBM made
one of the first RISC-based systems, the RT.  One of the operating systems
available for it was AIX 2.2 (a SYSV port, which came out before AIX 1.2 for
the x86 family of PS/2 boxes), which indeed shipped with a setuid /bin/tar.

First time I saw that, I said to myself "Damn, I've been hax0red".  Then I
re-installed tar from the original system media - and promptly wished it had
in fact been a trojaned binary.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

UNIX Tar Security Advisory from TEAM PWN4GE Team Pwnge (Feb 02)
- Re: UNIX Tar Security Advisory from TEAM PWN4GE Niek (Feb 02)
- <Possible follow-ups>
- Re: UNIX Tar Security Advisory from TEAM PWN4GE Volker Tanger (Feb 02)
  - Re: UNIX Tar Security Advisory from TEAM PWN4GE Chris Howells (Feb 02)
  - Re: UNIX Tar Security Advisory from TEAM PWN4GE Valdis . Kletnieks (Feb 02)