
Re: [Full-disclosure] GNU tar directory traversal



Jeb Osama wrote:
>
> LOLOLOLOLOLOLOLOLOL
> That's pretty much the purpose of symlinks.. What's your point in
> posting this fact in FD?

I tried to say that you shouldn't extract tar archives that come
from someone you don't trust.
If you extract an untrusted tar archive (for example, download it from the
web, or receive it as an e-mail attachment) as root it's as bad as
running an untrusted program as root because the tar archive
could replace any file (/bin/ls, /bin/bash, the kernel, etc) in the system.
Even the coders of tar would realize this is a security risk. I know
this because, in the tar code, they really try to make it impossible to
extract files outside the "extraction directory".

-- 
fscanf(socket,"%s",buf); printf(buf);
sprintf(query, "SELECT %s FROM table", buf);
sprintf(cmd, "echo %s | sqlquery", query); system(cmd);
Teemu Salmela 
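
The practical defence the reply above hints at (inspect before you extract) can be scripted. The following is an added example, not code from this thread or from GNU tar: it builds a small constructed archive in memory containing the kinds of entries that leave the extraction directory (an absolute path, a `..` path, a symlink pointing outside and a later file written through that symlink, a hard link to an outside path) alongside benign entries, and audits it without touching the filesystem. The helper names (`resolve`, `link_destination`, `unsafe_members`, `audit`, `build_sample_archive`) are this example's own.

```python
import io
import posixpath
import tarfile


def resolve(path):
    """Collapse '', '.' and '..' segments of an archive path without touching
    the filesystem. Returns None when '..' would climb above the extraction
    directory."""
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None
            parts.pop()
        else:
            parts.append(seg)
    return "/".join(parts)


def link_destination(member_name, linkname):
    """Where a symlink would point once extracted, relative to the extraction
    directory, or None if it leaves that directory."""
    if linkname.startswith("/"):
        return None
    return resolve(posixpath.join(posixpath.dirname(member_name), linkname))


def unsafe_members(tar):
    """Return {member_name: reason} for every entry of an open tarfile.TarFile
    that could create or overwrite something outside the extraction directory."""
    problems = {}
    symlinks = {}  # resolved path of each symlink seen so far -> its destination
    for m in tar.getmembers():
        if m.name.startswith("/"):
            problems[m.name] = "absolute path"
            continue
        target = resolve(m.name)
        if target is None:
            problems[m.name] = "'..' escapes extraction directory"
            continue
        # An ancestor directory that an earlier entry declared as a symlink
        # means this entry is written *through* that link, wherever it points.
        ancestors = [p for p in symlinks if target.startswith(p + "/")]
        if ancestors:
            problems[m.name] = "path passes through archive symlink %r" % ancestors[0]
            continue
        if m.issym():
            dest = link_destination(m.name, m.linkname)
            if dest is None:
                problems[m.name] = "symlink to %r outside extraction directory" % m.linkname
            symlinks[target] = dest
        elif m.islnk() and (m.linkname.startswith("/") or resolve(m.linkname) is None):
            problems[m.name] = "hard link to %r outside extraction directory" % m.linkname
    return problems


def _add_file(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def _add_link(tar, name, target, linktype):
    info = tarfile.TarInfo(name)
    info.type = linktype
    info.linkname = target
    tar.addfile(info)


def build_sample_archive():
    """Constructed sample archive (not a real-world file) mixing benign and
    escaping entries, returned as bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "pkg/README", b"hello\n")
        _add_link(tar, "pkg/docs", "README", tarfile.SYMTYPE)        # benign relative link
        _add_link(tar, "pkg/etc", "/etc", tarfile.SYMTYPE)            # points outside
        _add_file(tar, "pkg/etc/passwd", b"oops\n")                   # written through that link
        _add_link(tar, "pkg/shadow", "/etc/shadow", tarfile.LNKTYPE)  # hard link outside
        _add_file(tar, "../escape.txt", b"x\n")
        _add_file(tar, "/tmp/absolute.txt", b"x\n")
    return buf.getvalue()


def audit(archive_bytes):
    """Open an archive from bytes and report its unsafe members."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        return unsafe_members(tar)


if __name__ == "__main__":
    for name, reason in sorted(audit(build_sample_archive()).items()):
        print("REFUSE %-20s %s" % (name, reason))
```

Run the audit on an archive before extracting it and refuse the whole file if the dict is non-empty; an archive that is only partly trustworthy is not trustworthy. The check is deliberately conservative: any entry beneath a symlink defined earlier in the same archive is rejected even when the link happens to stay inside the extraction directory. Python 3.12 and later (PEP 706) ship the same class of checks built in as `tar.extractall(path, filter="data")`, which rejects absolute names, `..` escapes and links that point outside the destination; this script is for the inspection step on older interpreters or on archives you intend to hand to another tool.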


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/