Full Disclosure mailing list archives

Re: GNU tar directory traversal

From: virus () nolog org
Date: Wed, 22 Nov 2006 17:00:25 +0100

Hello,

Siim Põder wrote:

That has little to do with the actual vulnerability, hasn't it? It's a
possible workaround though, so that's great.


that's not a workaround. tar is supposed to overwrite files. If you 
don't want that behavior, use "-w".

Discussing wether root should ever run tar is irrelevant.

Agreed, the discussion whether root should *run* tar or not is

I specifically said I didn't want to discuss this


Yeah. So don't comment my comments...

GTi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

GNU tar directory traversal Teemu Salmela (Nov 21)
- <Possible follow-ups>
- Re: GNU tar directory traversal Jeb Osama (Nov 21)
  - Re: GNU tar directory traversal Gouki (Nov 21)
  - Re: GNU tar directory traversal Teemu Salmela (Nov 22)
  - Re: GNU tar directory traversal Siim Põder (Nov 22)
    - Re: GNU tar directory traversal Teemu Salmela (Nov 22)
    - Re: GNU tar directory traversal virus (Nov 22)
    - Re: GNU tar directory traversal Siim Põder (Nov 22)
    - Re: GNU tar directory traversal virus (Nov 22)
    - Re: GNU tar directory traversal Siim Põder (Nov 22)
    - Re: GNU tar directory traversal virus (Nov 23)
    - Re: GNU tar directory traversal virus (Nov 23)
- Re: GNU tar directory traversal Jeb Osama (Nov 22)