Date: Wed, 2 Oct 2002 20:27:04 +0300 From: Alexandr Kovalenko <never@nevermind.kiev.ua> To: Giorgos Keramidas <keramida@ceid.upatras.gr> Cc: "f.johan.beisser" <jan@caustic.org>, Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?) Message-ID: <20021002172704.GA27421@nevermind.kiev.ua> In-Reply-To: <20021002155526.GA1669@hades.hell.gr> References: <4.3.2.7.2.20021001162821.036c0530@localhost> <20021001154626.M67581-100000@pogo.caustic.org> <20021002155526.GA1669@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Giorgos Keramidas! On Wed, Oct 02, 2002 at 06:55:26PM +0300, you wrote: > > "tar tvf <filename> | [more || less]" doesn't seem that hard to me. > A quick way of checking existing tarballs for upwards directory > traversal is also: > > $ tar tvf tarball.tar | fgrep '..' err, this doesn't seem correct to me. I thing that 'file..name' is a correct filename. Yes. It is not commonly used but it could be. -- NEVE-RIPE Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021002172704.GA27421>