[Full-disclosure] GNU tar directory traversal

[virus at nolog.org]

Hello,

Siim Põder wrote:
> That has little to do with the actual vulnerability, hasn't it? It's a
> possible workaround though, so that's great.

that's not a workaround. tar is supposed to overwrite files. If you 
don't want that behavior, use "-w".

>>> Discussing wether root should ever run tar is irrelevant.
>> Agreed, the discussion whether root should *run* tar or not is 
 > I specifically said I didn't want to discuss this

Yeah. So don't comment my comments...

GTi