Full Disclosure mailing list archives

Re: GNU tar directory traversal


From: Siim Põder <windo () p6drad-teel net>
Date: Wed, 22 Nov 2006 11:35:51 +0200

Yo!

Jeb Osama wrote:
> LOLOLOLOLOLOLOLOLOL That's pretty much the purpose of symlinks.. What's
> your point in posting this fact in FD?

And is tar supposed to overwrite arbitrary files on the filesystem when
untarring an archive?

If I understand Teemu right, then he's found a way to create a tar file
that would create a symlink when untarred, and create further files
wherever the symlink points to (if this is not the case, then
LOLOLOLOLOLOL might be in order).

So, for example, I make a tar archive that contains a symlink
'bla'->'/etc' and 'bla/passwd', that - if opened by root - would
overwrite the passwd file.

Discussing whether root should ever run tar is irrelevant.

Siim Põder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
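
The archive layout described in the message above ('bla'->'/etc' followed by 'bla/passwd') can be caught before extraction. The following is an added example, not part of the original post or of GNU tar: a pre-extraction audit in Python that flags symlink members pointing outside the extraction root and any later member written through a symlink. The function names and the in-memory sample archive are constructed for illustration, and the policy is deliberately conservative (it flags every write through an archived symlink).

```python
import io
import posixpath
import tarfile


def build_sample() -> bytes:
    """Constructed in-memory archive: 'bla' -> '/etc', 'bla/passwd', and a benign file."""
    buf = io.BytesIO()
    data = b"constructed placeholder\n"
    with tarfile.open(fileobj=buf, mode="w") as tf:
        link = tarfile.TarInfo("bla")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tf.addfile(link)
        for name in ("bla/passwd", "docs/readme.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def escapes(path: str) -> bool:
    """True if an archive-relative path is absolute or climbs above the root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")


def audit(archive: bytes) -> list[str]:
    """List members that would be written outside the extraction directory."""
    findings = []
    links = {}  # symlink member name -> target, in archive order
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf:
            if escapes(m.name):
                findings.append(f"{m.name}: path escapes root")
                continue
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            # Check every parent directory against symlinks seen earlier.
            for i in range(1, len(parts)):
                parent = "/".join(parts[:i])
                if parent in links:
                    findings.append(
                        f"{m.name}: written through symlink {parent} -> {links[parent]}")
                    break
            if m.issym():
                # Symlink targets resolve relative to the link's own directory.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if escapes(target):
                    findings.append(f"{m.name}: link target {m.linkname} leaves root")
                links[name] = m.linkname
    return findings
```

On Python 3.12 and later, `TarFile.extractall(..., filter="data")` enforces a comparable policy at extraction time.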

