[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] GNU tar directory traversal

To: virus@xxxxxxxxx
Subject: Re: [Full-disclosure] GNU tar directory traversal
From: Siim Põder <windo@xxxxxxxxxxxxxxx>
Date: Wed, 22 Nov 2006 19:12:09 +0200

Yo!

virus@xxxxxxxxx wrote:
> Siim Põder wrote:
>> That has little to do with the actual vulnerability, hasn't it? It's a
>> possible workaround though, so that's great.
> that's not a workaround. tar is supposed to overwrite files. If you
> don't want that behavior, use "-w".

But not outside cwd or another directory specified by the -C option.
Agreed? Great.

Siim Põder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] GNU tar directory traversal
  - From: virus

References:
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Jeb Osama
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Siim Põder
- Re: [Full-disclosure] GNU tar directory traversal
  - From: virus
- Re: [Full-disclosure] GNU tar directory traversal
  - From: Siim Põder
- Re: [Full-disclosure] GNU tar directory traversal
  - From: virus

Prev by Date: Re: [Full-disclosure] GNU tar directory traversal
Next by Date: Re: [Full-disclosure] Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
Previous by thread: Re: [Full-disclosure] GNU tar directory traversal
Next by thread: Re: [Full-disclosure] GNU tar directory traversal
Index(es):
- Date
- Thread