Message-ID: <416BC5C5.8090102@gmx.net>
From: evilninja at gmx.net (evilninja)
Subject: unarj dir-transversal bug (../../../..)
Chris Umphress wrote:
>>...somehow i don't expect programs to mess with /usr. not as a user and
>>not as root.
>
> I just picked /usr, it could have been /etc, /var or any other
> standard directory that every *nix distribution has. Regardless, if I
> try to make unarj write to a directory that I don't have the
> necessary permissions for, it asks me to pick an alternate location
> to extract to.
yes, but this is the point! when i happen to unarj a package with the
unarj version you have as user "root", then unarj *will* have the
permission to overwrite /etc or whatever. it won't kindly ask but just
overwrite, or does it? (you've shown unarj in action with sudo when
test.txt was non-existent).
--
BOFH excuse #290:
The CPU has shifted, and become decentralized.
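
The concern raised in this message is that filesystem permissions stop protecting anything once the extractor runs as root, so the member name itself has to be checked. As an added example (not part of the original message and not unarj's code), a hypothetical helper `member_name_is_safe` rejects absolute paths, DOS drive prefixes and any `..` component before a file is created; treating `\` as a separator and refusing any name with `:` in second position are deliberately conservative assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if an archive member name may be created below the
 * extraction directory, 0 otherwise. Hypothetical helper for
 * illustration; the decision does not depend on who runs the tool. */
int member_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    /* Absolute paths leave the extraction directory outright. */
    if (*name == '/' || *name == '\\')
        return 0;
    /* DOS drive prefix such as "C:" (ARJ is a DOS-era format). */
    if (name[1] == ':')
        return 0;

    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                     /* ".." walks up one level */
        p += len;
        if (*p != '\0')
            p++;                          /* skip the separator */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive. */
    const char *samples[] = {
        "docs/readme.txt", "../../../../etc/passwd", "/etc/passwd",
        "a/../../b", "notes..txt", "..\\..\\x",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s %s\n", samples[i],
               member_name_is_safe(samples[i]) ? "extract" : "refuse");
    return 0;
}
```

A name check like this does not cover symlinks already present in the target directory; extracting into a fresh, empty directory as an unprivileged user remains the safer habit.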