From owner-freebsd-security  Tue Oct  1 15: 9:12 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E813737B404
	for <security@FreeBSD.ORG>; Tue,  1 Oct 2002 15:09:10 -0700 (PDT)
Received: from lariat.org (lariat.org [63.229.157.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F1EBD43E4A
	for <security@FreeBSD.ORG>; Tue,  1 Oct 2002 15:09:09 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id QAA22963;
	Tue, 1 Oct 2002 16:08:49 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20021001160301.034597f0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 01 Oct 2002 16:08:46 -0600
To: Kris Kennaway <kris@obsecurity.org>
From: Brett Glass <brett@lariat.org>
Subject: Re: RE: Is FreeBSD's tar susceptible to this?
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	Matt Piechota <piechota@argolis.org>, Aaron Namba <aaron@namba1.com>,
	security@FreeBSD.ORG
In-Reply-To: <20021001213251.GA54642@xor.obsecurity.org>
References: <4.3.2.7.2.20021001133156.03609ec0@localhost>
 <4.3.2.7.2.20021001113225.034331b0@localhost>
 <4.3.2.7.2.20021001122135.0344e410@localhost>
 <4.3.2.7.2.20021001133156.03609ec0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 03:32 PM 10/1/2002, Kris Kennaway wrote:

>Discussions of licensing and reimplementation of GNU utilities are
>off-topic for security.  However, I encourage you to continue this
>discussion in another forum.  For example, NetBSD's pax(1) code has a
>half-implemented GNU tar compatibility mode which could be extended to
>cover most of the common GNU tar options.

Yes, it does have most of the features of GNU tar. About the only thing
it's missing is bzip2 capability, which is easy to add. Complete code
to translate the command line options would be dull work but not
technically challenging at all. (It could even be done by a Perl
front end, though it'd be better to reduce it to C.)

In the meantime, though, is there a chance that a fix for the vulnerability
can be slipped into 4.7 prior to release? I'd hate to be exploding a
tarball, as root, and discover that it had upreferenced to the top of
the directory tree and installed something nasty. (If such an
exploit were to hit /etc/crontab, it could run arbitrary code in a
minute or less -- probably before the admin could react.)

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message