Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GNU tar directory traversal

From: Siim Põder <windo () p6drad-teel net>
Date: Wed, 22 Nov 2006 16:59:57 +0200
Yo!

virus () nolog org wrote:

Siim Põder wrote:

So, for example, I make a tar archieve that contains a symlink to
'bla'->'/etc' and 'bla/passwd', that - if opened by root - would
overwrite the passwd file.


right from the man page: A confirmation is needed if -w is used.


That has little to do with the actual vulnerability, hasn't it? It's a
possible workaround though, so that's great.


Discussing wether root should ever run tar is irrelevant.

Agreed, the discussion whether root should *run* tar or not is 
irrelevant. One shouldn't *trust* tar files from unknown/untrusted 
sources, root or not.


I specifically said I didn't want to discuss this (or any variants
thereof, which i failed to explicitly bring out) as this has nothing to
do with the vulnerability. I know I shouldn't do it just as you know it
and just as everyone else knows it - no reason for discussion.

Siim Põder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: