Full Disclosure mailing list archives
Re: GNU tar directory traversal
From: Siim Põder <windo () p6drad-teel net>
Date: Wed, 22 Nov 2006 11:35:51 +0200
Yo!

Jeb Osama wrote:
> LOLOLOLOLOLOLOLOLOL That's pretty much the purpose of symlinks.. What's your point in posting this fact in FD?
And is tar supposed to overwrite arbitrary files on the filesystem when untarring an archive?

If I understand Teemu right, then he's found a way to create a tar file that would create a symlink when untarred, and create further files to wherever the symlink points to (if this is not the case, then LOLOLOLOLOLOL might be in order).

So, for example, I make a tar archive that contains a symlink to 'bla'->'/etc' and 'bla/passwd', that - if opened by root - would overwrite the passwd file. Discussing whether root should ever run tar is irrelevant.

Siim Põder
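An added example (not part of the original message and not GNU tar code): a Python pre-extraction check that flags the archive layout described above, where a member is stored beneath a path that an earlier member declared as a symlink. The sample archive is constructed in memory, and the function names are assumptions made for this illustration.

```python
import io
import posixpath
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample: symlink 'bla' -> '/etc', then a file 'bla/passwd'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("bla")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
        for name in ("bla/passwd", "docs/readme.txt"):
            data = b"constructed sample data\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def find_symlink_traversal(archive: bytes) -> list:
    """Return (member, symlink, target) for members stored beneath an archived symlink."""
    links = {}      # normalized symlink path -> link target, in archive order
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            parts = name.split("/")
            # Compare every proper parent prefix with the symlinks seen so far.
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append((member.name, prefix, links[prefix]))
                    break
            if member.issym():
                links[name] = member.linkname
    return findings


if __name__ == "__main__":
    # Nothing is extracted; the archive is only listed and checked.
    for member, link, target in find_symlink_traversal(build_sample_archive()):
        print(f"REJECT {member}: parent {link!r} is a symlink to {target!r}")
```

The check only reads member headers, so it can run before any extraction step and reject the archive outright when it returns a non-empty list.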