[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] GNU tar directory traversal

To: Siim Põder <windo@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] GNU tar directory traversal
From: virus@xxxxxxxxx
Date: Wed, 22 Nov 2006 17:00:25 +0100

Hello,

Siim Põder wrote:
> That has little to do with the actual vulnerability, hasn't it? It's a
> possible workaround though, so that's great.

that's not a workaround. tar is supposed to overwrite files. If you 
don't want that behavior, use "-w".

>>> Discussing wether root should ever run tar is irrelevant.
>> Agreed, the discussion whether root should *run* tar or not is 
 > I specifically said I didn't want to discuss this

Yeah. So don't comment my comments...

GTi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Siim Põder

References:
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Jeb Osama
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Siim Põder
- Re: [Full-disclosure] GNU tar directory traversal
  - From: virus
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Siim Põder

Prev by Date: Re: [Full-disclosure] GNU tar directory traversal
Next by Date: Re: [Full-disclosure] GNU tar directory traversal
Previous by thread: Re: [Full-disclosure] GNU tar directory traversal
Next by thread: Re: [Full-disclosure] GNU tar directory traversal
Index(es):
- Date
- Thread