[Full-disclosure] GNU tar directory traversal
Siim Põder
windo at p6drad-teel.net
Wed Nov 22 14:59:57 GMT 2006
Yo!
virus at nolog.org wrote:
> Siim Põder wrote:
>> So, for example, I make a tar archieve that contains a symlink to
>> 'bla'->'/etc' and 'bla/passwd', that - if opened by root - would
>> overwrite the passwd file.
>
> right from the man page: A confirmation is needed if -w is used.
That has little to do with the actual vulnerability, hasn't it? It's a
possible workaround though, so that's great.
>> Discussing wether root should ever run tar is irrelevant.
> Agreed, the discussion whether root should *run* tar or not is
> irrelevant. One shouldn't *trust* tar files from unknown/untrusted
> sources, root or not.
I specifically said I didn't want to discuss this (or any variants
thereof, which i failed to explicitly bring out) as this has nothing to
do with the vulnerability. I know I shouldn't do it just as you know it
and just as everyone else knows it - no reason for discussion.
Siim Põder
Full-Disclosure is hosted and sponsored by Secunia.