[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)
- To: Full-disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)
- From: Christian Kujau <evil@xxxxxxxxxx>
- Date: Tue, 12 Oct 2004 13:53:14 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Umphress wrote:
>>...somehow i don't expect programs to mess with /usr. not as a user and
>>not as root.
>
> I just picked /usr, it could have been /etc, /var or any other
> standard directory that every *nix distribution has. Regardless, if I
> try to make unarj write to a directory that I don't have the
> neccessary permissions for, it asks me to pick an alternate location
> to extract to.
yes, but this is the point! when i happen to unarj a package with the
unarj version you have as user "root", then unarj *will* have the
permission to overwrite /etc or whatever. it won't kindly ask but just
overwrite, or does it? (you've shown unarj in action with sudo when
test.txt was non-existant).
- --
BOFH excuse #290:
The CPU has shifted, and become decentralized.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBa8Wq+A7rjkF8z0wRAvOIAKDDIeYg5kMmda/6vR1sfgXORSGW7wCg2Fwg
jkJFk76Fgb7nDCDvAk+HrkY=
=v0l8
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html