| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Nov 2006 11:30:01 +0200 From: Teemu Salmela <teemu.salmela@....fi> To: full-disclosure@...ts.grok.org.uk Subject: Re: GNU tar directory traversal Jeb Osama wrote: > > LOLOLOLOLOLOLOLOLOL > Thats pretty much the purpose of symlinks.. Whats your point in > posting this fact in FD? I tried to say that you shouldn't extract tar archives that come from someone you don't trust. If you extract an untrusted tar archive (for example, download it from the web, or receive it as a e-mail attachment) as root it's as bad as running an untrusted program as root because the tar archive could replace any file (/bin/ls, /bin/bash, the kernel, etc) in the system. Even the coders of tar would realize this is a security risk. I know this because , in the tar code, they really try to make it impossible to extract files outside the "extraction directory". -- fscanf(socket,"%s",buf); printf(buf); sprintf(query, "SELECT %s FROM table", buf); sprintf(cmd, "echo %s | sqlquery", query); system(cmd); Teemu Salmela _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists