Full Disclosure mailing list archives
Re: GNU tar directory traversal
From: virus () nolog org
Date: Thu, 23 Nov 2006 16:21:51 +0100
Hello, virus () nolog org wrote:
no. Not agreed. -C is for changing the directory *before processing the remaining arguments*. So, if you don't want tar to overwrite files, you have to use -w.
Siim was right, -w is a workaround. Therefore it is - in opposite to my former opinion - a security issue. Sorry for the noise. GTi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: GNU tar directory traversal, (continued)
- Re: GNU tar directory traversal Jeb Osama (Nov 21)
- Re: GNU tar directory traversal Gouki (Nov 21)
- Re: GNU tar directory traversal Teemu Salmela (Nov 22)
- Re: GNU tar directory traversal Siim Põder (Nov 22)
- Re: GNU tar directory traversal Teemu Salmela (Nov 22)
- Re: GNU tar directory traversal virus (Nov 22)
- Re: GNU tar directory traversal Siim Põder (Nov 22)
- Re: GNU tar directory traversal virus (Nov 22)
- Re: GNU tar directory traversal Siim Põder (Nov 22)
- Re: GNU tar directory traversal virus (Nov 23)
- Re: GNU tar directory traversal virus (Nov 23)
- Re: GNU tar directory traversal Jeb Osama (Nov 21)