Full Disclosure mailing list archives
Re: GNU tar directory traversal
From: virus () nolog org
Date: Wed, 22 Nov 2006 17:00:25 +0100
Hello, Siim Põder wrote:
That has little to do with the actual vulnerability, hasn't it? It's a possible workaround though, so that's great.
that's not a workaround. tar is supposed to overwrite files. If you don't want that behavior, use "-w".
Discussing wether root should ever run tar is irrelevant.Agreed, the discussion whether root should *run* tar or not isI specifically said I didn't want to discuss this
Yeah. So don't comment my comments... GTi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- GNU tar directory traversal Teemu Salmela (Nov 21)
- <Possible follow-ups>
- Re: GNU tar directory traversal Jeb Osama (Nov 21)
- Re: GNU tar directory traversal Gouki (Nov 21)
- Re: GNU tar directory traversal Teemu Salmela (Nov 22)
- Re: GNU tar directory traversal Siim Põder (Nov 22)
- Re: GNU tar directory traversal Teemu Salmela (Nov 22)
- Re: GNU tar directory traversal virus (Nov 22)
- Re: GNU tar directory traversal Siim Põder (Nov 22)
- Re: GNU tar directory traversal virus (Nov 22)
- Re: GNU tar directory traversal Siim Põder (Nov 22)
- Re: GNU tar directory traversal virus (Nov 23)
- Re: GNU tar directory traversal virus (Nov 23)