| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060908200244.GD3271@sentinelchicken.org> Date: Fri, 8 Sep 2006 16:02:44 -0400 From: Tim <tim-security@...tinelchicken.org> To: full-disclosure@...ts.grok.org.uk Subject: tar alternative > Don't. Untar. Archives. As. Root. > > It's that simple. > > Or are you also going to complain about the fact that there are tar > versions out there that don't strip a leading / from the archive? > Much fun can be had when you carelessly extract as root, then. Hello, Sorry to change the subject slightly here on this thread, but I was wondering about this before the topic came up. Given the problems with using the tar format for file distribution, are there any other simple, non-compressed file-grouping formats out there that weren't originally designed for backups (e.g. don't contain usernames, permissions, etc)? Something that can be a drop-in replacement for tar and thus can integrate with gzip/bzip2 easily? (Don't even say .zip) There's probably one out there I'm completely naive about, but I haven't seen one yet that would be a safer alternative. thanks, tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists