Date: Wed, 22 Nov 2006 11:35:51 +0200
From: Siim Põder <windo@...rad-teel.net>
To: Jeb Osama <mkmaxx@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: GNU tar directory traversal

Yo!

Jeb Osama wrote:
> LOLOLOLOLOLOLOLOLOL That's pretty much the purpose of symlinks.. What's
> your point in posting this fact in FD?

And is tar supposed to overwrite arbitrary files on the filesystem when
untarring an archive?

If I understand Teemu right, then he's found a way to create a tar file
that would create a symlink when untarred; and create further files to
wherever the symlink points to (If this is not the case, then
LOLOLOLOLOLOL might be in order).

So, for example, I make a tar archive that contains a symlink to
'bla'->'/etc' and 'bla/passwd', that - if opened by root - would
overwrite the passwd file.

Discussing whether root should ever run tar is irrelevant.

Siim Põder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
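
The archive layout described in the message above, checked before extraction; this is an added example, not part of the original post and not GNU tar's own code. It reads member headers only and also flags absolute and `..` paths, which goes slightly beyond the symlink case in the message. The names `build_sample`, `escapes` and `audit` are hypothetical, and the sample archive is constructed in memory and never extracted.

```python
import io
import posixpath
import tarfile

def build_sample():
    """Constructed archive with the layout from the message; only read, never extracted."""
    buf = io.BytesIO()
    data = b"constructed placeholder\n"
    with tarfile.open(fileobj=buf, mode="w") as tf:
        link = tarfile.TarInfo("bla")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc"
        tf.addfile(link)
        for name in ("bla/passwd", "docs/readme.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def escapes(path):
    """True if a normalized path is absolute or climbs above the extraction root."""
    return path == ".." or path.startswith(("/", "../"))

def audit(fileobj):
    """Return (member, reason) pairs for entries that are unsafe to extract."""
    findings, links = [], set()
    with tarfile.open(fileobj=fileobj, mode="r") as tf:
        for m in tf:
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            if escapes(name):
                findings.append((m.name, "path leaves the extraction directory"))
            # A parent component that an earlier member turned into a link
            # redirects this write to wherever that link points.
            prefixes = ("/".join(parts[:i]) for i in range(1, len(parts)))
            via = next((p for p in prefixes if p in links), None)
            if via is not None:
                findings.append((m.name, f"written through archive link '{via}'"))
            if m.issym():
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(name), m.linkname))
                if escapes(target):
                    findings.append((m.name, f"symlink target '{m.linkname}' is outside"))
            if m.issym() or m.islnk():
                links.add(name)
    return findings

if __name__ == "__main__":
    for member, reason in audit(build_sample()):
        print(f"{member}: {reason}")
```

For the extraction step itself, Python's `tarfile` extraction filters (`filter="data"`, PEP 706) refuse absolute paths and links that point outside the destination.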