Full Disclosure mailing list archives

Re: GNU tar directory traversal


From: Teemu Salmela <teemu.salmela () iki fi>
Date: Wed, 22 Nov 2006 11:30:01 +0200

Jeb Osama wrote:

LOLOLOLOLOLOLOLOLOL
That's pretty much the purpose of symlinks.. What's your point in
posting this fact in FD?

I tried to say that you shouldn't extract tar archives that come
from someone you don't trust.
If you extract an untrusted tar archive (for example, download it from the
web, or receive it as an e-mail attachment) as root it's as bad as
running an untrusted program as root because the tar archive
could replace any file (/bin/ls, /bin/bash, the kernel, etc) in the system.
Even the coders of tar would realize this is a security risk. I know
this because, in the tar code, they really try to make it impossible to extract
files outside the "extraction directory".

-- 
fscanf(socket,"%s",buf); printf(buf);
sprintf(query, "SELECT %s FROM table", buf);
sprintf(cmd, "echo %s | sqlquery", query); system(cmd);
Teemu Salmela 
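The reply above notes that tar's own code tries to keep extraction inside the "extraction directory". The following Python script is an added example, not part of this thread or of GNU tar: it audits an archive before extraction and reports the member kinds that can breach that boundary (absolute names, `..` components, symlink and hard-link targets outside the tree, and a file written through a symlink created earlier in the same archive). The archive it builds is constructed for the demonstration, and the names `audit_tar` and `build_sample_archive` are chosen here.

```python
"""Pre-extraction audit of a tar archive. Added example, not from the
original message; the sample archive below is constructed."""
import io
import posixpath
import tarfile


def _normalize(name):
    """Return the member name as a normalized relative POSIX path, or None
    if it is absolute or climbs above the extraction directory."""
    if name.startswith("/"):
        return None
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return None
    return norm


def _through_symlink(norm, symlinks):
    """Return the first ancestor directory of `norm` that an earlier
    archive member turned into a symlink, or None."""
    parts = norm.split("/")
    for i in range(1, len(parts)):
        ancestor = "/".join(parts[:i])
        if ancestor in symlinks:
            return ancestor
    return None


def audit_tar(data):
    """Return a list of (member_name, reason) for every unsafe member."""
    findings = []
    symlinks = set()  # normalized names of symlink members seen so far
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            norm = _normalize(m.name)
            if norm is None:
                findings.append((m.name, "path escapes extraction directory"))
                continue
            via = _through_symlink(norm, symlinks)
            if via is not None:
                # Writing here follows a link the archive itself created,
                # so the real destination is wherever that link points.
                findings.append((m.name, f"written through symlink {via!r}"))
                continue
            if m.issym():
                symlinks.add(norm)
                if m.linkname.startswith("/"):
                    findings.append((m.name, "absolute symlink target"))
                else:
                    # Relative targets resolve from the link's own directory.
                    target = posixpath.normpath(
                        posixpath.join(posixpath.dirname(norm), m.linkname))
                    if target == ".." or target.startswith("../"):
                        findings.append((m.name, "symlink target escapes extraction directory"))
            elif m.islnk() and _normalize(m.linkname) is None:
                findings.append((m.name, "hard link target escapes extraction directory"))
    return findings


def build_sample_archive():
    """Constructed archive mixing benign and unsafe members (for the demo)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name, content=b"x"):
            ti = tarfile.TarInfo(name)
            ti.size = len(content)
            tf.addfile(ti, io.BytesIO(content))

        def add_link(name, target, kind):
            ti = tarfile.TarInfo(name)
            ti.type = kind
            ti.linkname = target
            tf.addfile(ti)

        add_file("pkg/README")                                  # benign
        add_file("/bin/ls")                                     # absolute name
        add_file("pkg/../../etc/passwd")                        # '..' traversal
        add_link("pkg/shadow", "/etc/shadow", tarfile.LNKTYPE)  # hard link out
        add_link("pkg/docs", "../docs", tarfile.SYMTYPE)        # stays in tree
        add_link("pkg/out", "/tmp", tarfile.SYMTYPE)            # absolute target
        add_file("pkg/out/evil")                                # through symlink
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_tar(build_sample_archive()):
        print(f"{name}: {reason}")
```

The "written through symlink" rule is deliberately conservative: it flags any write under a directory the archive itself replaced with a link, which is exactly the sequence extraction code has to guard against. GNU tar strips a leading `/` by default and defers symlink creation for the same reason; Python 3.12's `tarfile` exposes an equivalent set of rules as the `filter="data"` extraction filter.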


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/