From owner-freebsd-security Tue Oct 1 15:22: 5 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36B8837B401 for ; Tue, 1 Oct 2002 15:22:04 -0700 (PDT)
Received: from pogo.caustic.org (caustic.org [64.163.147.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE35A43E65 for ; Tue, 1 Oct 2002 15:22:03 -0700 (PDT) (envelope-from jan@caustic.org)
Received: from localhost (jan@localhost) by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id g91MLxJ91826; Tue, 1 Oct 2002 15:21:59 -0700 (PDT) (envelope-from jan@caustic.org)
Date: Tue, 1 Oct 2002 15:21:58 -0700 (PDT)
From: "f.johan.beisser"
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
In-Reply-To: <4.3.2.7.2.20021001160301.034597f0@localhost>
Message-ID: <20021001151050.F67581-100000@pogo.caustic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Tue, 1 Oct 2002, Brett Glass wrote:

> In the meantime, though, is there a chance that a fix for the vulnerability
> can be slipped into 4.7 prior to release? I'd hate to be exploding a
> tarball, as root, and discover that it had upreferenced to the top of
> the directory tree and installed something nasty. (If such an
> exploit were to hit /etc/crontab, it could run arbitrary code in a
> minute or less -- probably before the admin could react.)

if you're untarring something, shouldn't you review what you're looking at
first anyway? even if the vulnerability exists, it doesn't make it easy to
exploit - if you review what you're untarring before doing it as root.

best practice is to continue to not untar things as root until you've
reviewed the contents of your file. you can't control what anyone else puts
into the file anyway.

-------/ f. johan beisser /--------------------------------------+
 http://caustic.org/~jan                          jan@caustic.org
   "John Ashcroft is really just the reanimated corpse
        of J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
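The review step the message recommends (listing a tarball's members before extracting it as root) can be automated. The following is an added example written for this archive page; it is not code from the thread, from FreeBSD, or from any tar implementation. It reads an archive with Python's standard tarfile module and flags every member that could write outside the extraction directory: a path with more ".." components than directories above it (the "upreferenced to the top of the directory tree" case Brett Glass describes), an absolute path, a symlink or hardlink whose target leaves the tree, and device nodes. The sample archive, including the member aimed at /etc/crontab, is constructed in memory for the example and is not a real tarball from the thread.

```python
import io
import posixpath
import tarfile


def _escapes(path: str) -> bool:
    """True if a member path is absolute or climbs above the extraction root.

    Walks the path component by component, tracking depth; a depth below
    zero means a '..' reached past the directory tar was invoked in.
    """
    if path.startswith("/"):
        return True
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def unsafe_members(tar: tarfile.TarFile) -> list[tuple[str, str]]:
    """Return (member name, reason) for every entry that should block a
    root extraction: escaping paths, escaping link targets, device nodes."""
    findings = []
    for m in tar.getmembers():
        if _escapes(m.name):
            findings.append((m.name, "path escapes extraction root"))
        if m.issym():
            # A symlink target resolves relative to the link's own directory,
            # so normalise it against that directory before checking it.
            target = posixpath.normpath(
                posixpath.join(posixpath.dirname(m.name), m.linkname))
            if _escapes(target):
                findings.append((m.name, f"symlink to {m.linkname}"))
        elif m.islnk() and _escapes(m.linkname):
            findings.append((m.name, f"hardlink to {m.linkname}"))
        if m.isdev():
            findings.append((m.name, "device node"))
    return findings


def audit(archive_bytes: bytes) -> list[tuple[str, str]]:
    """Audit a tar archive held in memory; returns the unsafe_members list."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        return unsafe_members(tar)


def build_sample_archive() -> bytes:
    """Constructed sample (not a real archive): one benign file, a traversal
    member aimed at /etc/crontab, an absolute path, and an escaping symlink.
    TarInfo + addfile is used because TarFile.add() would strip leading '/'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add_file("pkg/README", b"harmless\n")
        add_file("pkg/../../../etc/crontab", b"* * * * * root /tmp/evil\n")
        add_file("/etc/rc.local", b"/tmp/evil\n")
        link = tarfile.TarInfo("pkg/lib")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../usr/lib"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    findings = audit(build_sample_archive())
    for name, reason in findings:
        print(f"REFUSE {name}: {reason}")
    raise SystemExit(1 if findings else 0)
```

Run it before `tar xf` as root and extract only when it exits 0; this is the same check as eyeballing `tar tvf`, made repeatable. Note that on Python 3.12 and later `TarFile.extractall(filter="data")` rejects the same classes of member at extraction time, so a script that does the extraction itself can rely on that instead of a separate pass; the audit above is still useful when the extraction is going to be done by the system tar.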