Re: [Full-disclosure] GNU tar directory traversal

2006-11-23 Thread virus
Hello,
[EMAIL PROTECTED] wrote:
> No. Not agreed. -C is for changing the directory *before processing the
> remaining arguments*. So, if you don't want tar to overwrite files, you
> have to use -w.
Siim was right, -w is a workaround. Therefore it is - contrary to my former opinion - a secur

Re: [Full-disclosure] GNU tar directory traversal

2006-11-23 Thread virus
Hello,
Siim Põder wrote:
> But not outside cwd or another directory specified by the -C option.
> Agreed? Great.
No. Not agreed. -C is for changing the directory *before processing the remaining arguments*. So, if you don't want tar to overwrite files, you have to use -w.
GTi

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread Jeb Osama
> Jeb, even so, I don't think 'LOLOLOLOL' is the best way to let Teemu know that. I personally would not like this kind of attitude. Don't take this the wrong way, I just didn't like this behavior on a list like this. Take care.
> Regards,
> Gouki
Bah.. You give a troll too much respect. Filter

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread Siim Põder
Yo!
[EMAIL PROTECTED] wrote:
> Siim Põder wrote:
>> That has little to do with the actual vulnerability, hasn't it? It's a
>> possible workaround though, so that's great.
> That's not a workaround. tar is supposed to overwrite files. If you
> don't want that behavior, use "-w".
But not outside cw

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread virus
Hello,
Siim Põder wrote:
> That has little to do with the actual vulnerability, hasn't it? It's a
> possible workaround though, so that's great.
That's not a workaround. tar is supposed to overwrite files. If you don't want that behavior, use "-w".
>>> Discussing whether root should ever run tar

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread Siim Põder
Yo!
[EMAIL PROTECTED] wrote:
> Siim Põder wrote:
>> So, for example, I make a tar archive that contains a symlink to
>> 'bla'->'/etc' and 'bla/passwd', that - if opened by root - would
>> overwrite the passwd file.
>
> Right from the man page: A confirmation is needed if -w is used.
That has li

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread virus
Hello,
Siim Põder wrote:
> So, for example, I make a tar archive that contains a symlink to
> 'bla'->'/etc' and 'bla/passwd', that - if opened by root - would
> overwrite the passwd file.
Right from the man page: A confirmation is needed if -w is used.
> Discussing whether root should ever run t

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread Teemu Salmela
Siim Põder wrote:
> And is tar supposed to overwrite arbitrary files on the filesystem when
> untarring an archive?
>
> If I understand Teemu right, then he's found a way to create a tar file
> that would create a symlink when untarred; and create further files to
> wherever the symlink points to (I

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread Siim Põder
Yo!
Jeb Osama wrote:
> LOLOLOLOLOLOLOLOLOL That's pretty much the purpose of symlinks.. What's
> your point in posting this fact in FD?
And is tar supposed to overwrite arbitrary files on the filesystem when untarring an archive? If I understand Teemu right, then he's found a way to create a tar f

Re: [Full-disclosure] GNU tar directory traversal

2006-11-22 Thread Teemu Salmela
Jeb Osama wrote:
>
> LOLOLOLOLOLOLOLOLOL
> That's pretty much the purpose of symlinks.. What's your point in
> posting this fact in FD?
I tried to say that you shouldn't extract tar archives that come from someone you don't trust. If you extract an untrusted tar archive (for example, download it fr

Re: [Full-disclosure] GNU tar directory traversal

2006-11-21 Thread Gouki
Jeb, even so, I don't think 'LOLOLOLOL' is the best way to let Teemu know that. I personally would not like this kind of attitude. Don't take this the wrong way, I just didn't like this behavior on a list like this. Take care.
Regards,
Gouki
On Wed, 2006-11-22 at 07:45 +0530, Jeb Osama wrote:

Re: [Full-disclosure] GNU tar directory traversal

2006-11-21 Thread Jeb Osama
From: Teemu Salmela <[EMAIL PROTECTED]>
GNU tar directory traversal
What is it?
When I download a tar file (warez.tar.gz in this example) from the web and run the following commands:
$ mkdir ~/warez
$ tar xzf warez.ta