* [Niels Möller] > Well, translators run as the owner of the node to which they are > attached. Don't attach translators you don't trust to your files.
And don't attach translators to files you don't trust. I don't think there is anything today that stops me from sending you an ext2 image with a passive translator that deletes your homedir when you access the translated node in the image. >> Suppose a tarfs that honors translator settings in arbitrary >> archives; then looking at a filesystem presentation of an archive >> that contains such a malicious server and a node with that server >> set on it will be pretty unpleasant. > > Hmm. That's slightly than tarfiles containing executables or setuid > executables. It might make sense to make tar more paranoid by default, > with some option to make it accept dangerous things. I can't se that tarfs could be more dangerous than ext2fs already is, with regard to translators and non-trusted archives. However, as tar is likely to be more widely used than ext2 images as a file exchange format, making tarfs more likely to be used on untrusted files, making tarfs more paranoid by default would probably be a good idea. (then again, most people today don't even tar tf before a tar xf, which I believe leaves them vulnerable to the symlink tricks you mention, even with GNU tar.) Oystein -- Ebg13 arire tbrf bhg bs fglyr.. _______________________________________________ Help-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/help-hurd