Full Disclosure mailing list archives
tar alternative
From: Tim <tim-security () sentinelchicken org>
Date: Fri, 8 Sep 2006 16:02:44 -0400
Don't. Untar. Archives. As. Root. It's that simple. Or are you also going to complain about the fact that there are tar versions out there that don't strip a leading / from the archive? Much fun can be had when you carelessly extract as root, then.
Hello, Sorry to change the subject slightly here on this thread, but I was wondering about this before the topic came up. Given the problems with using the tar format for file distribution, are there any other simple, non-compressed file-grouping formats out there that weren't originally designed for backups (e.g. don't contain usernames, permissions, etc)? Something that can be a drop-in replacement for tar and thus can integrate with gzip/bzip2 easily? (Don't even say .zip) There's probably one out there I'm completely naive about, but I haven't seen one yet that would be a safer alternative. thanks, tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linux kernel source archive vulnerable, (continued)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Re: Linux kernel source archive vulnerable Michael Gale (Sep 08)
- Re: Re: Linux kernel source archive vulnerable Valdis . Kletnieks (Sep 09)
- Re: Linux kernel source archive vulnerable Ron (Sep 24)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Re: Linux kernel source archive vulnerable Jurjen Oskam (Sep 08)
- tar alternative Tim (Sep 08)
- Re: tar alternative Cristi Mitrana (Sep 08)
- Re: Re: tar alternative Tim (Sep 09)
- Re: Re: tar alternative darren kirby (Sep 09)
- Re: Re: tar alternative Tim (Sep 09)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: tar alternative Aaron Gray (Sep 15)
- Re: tar alternative Tim (Sep 20)
- Re: tar alternative Jon Hart (Sep 20)
- Re: tar alternative Tonnerre Lombard (Sep 20)
- Re: Linux kernel source archive vulnerable Joe Feise (Sep 11)