Siim Põder wrote: > And is tar supposed to overwrite arbitrary files on the filesystem when > untaring an archieve? > > If I understand Teemu right, then he's found a way to create a tar file > that would create a symlink when untared; and create further files to > wherever the symlink points to (If this is not the case, then > LOLOLOLOLOLOL might be in order). > > So, for example, I make a tar archieve that contains a symlink to > 'bla'->'/etc' and 'bla/passwd', that - if opened by root - would > overwrite the passwd file. > Yes, this is how it works.
-- fscanf(socket,"%s",buf); printf(buf); sprintf(query, "SELECT %s FROM table", buf); sprintf(cmd, "echo %s | sqlquery", query); system(cmd); Teemu Salmela _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
