From owner-freebsd-security Tue Oct 1 15:56:53 2002
Date: Tue, 1 Oct 2002 15:56:48 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
In-Reply-To: <4.3.2.7.2.20021001162821.036c0530@localhost>
Message-ID: <20021001154626.M67581-100000@pogo.caustic.org>

On Tue, 1 Oct 2002, Brett Glass wrote:

> Most people look at what's being untarred as it happens. They don't
> expect upward directory traversal to be possible, so they don't
> anticipate being hit in the way that this bug allows.

i tend to do the same thing, from a temp directory within $HOME. i don't
expect an attacker to be able to get to my crontab (your example) or
modify something else (perhaps /etc/inetd.conf) if the permissions aren't
there anyway.

it's rare i'll do much as root. exceedingly rare. best practice is to NOT
do much as root if you don't have to.

> Also, even if one does list the contents of a large archive (say,
> a complete distribution of Apache), you'd need to list it slowly
> and read it critically. Even a really long file name will scroll
> by FAST during a listing and could be missed.

"tar tvf | [more || less]" doesn't seem that hard to me. this is about
best practice after all.

if it's a modified tarball, it won't match the MD5 signature anyway, and
shouldn't be trusted by the ports system. if you're building on your own,
you shouldn't be handling the untar and build as root. there's little
reason to have root access until the install.

i guess i would be more worried about this having the ability to execute
arbitrary code as the user; which it doesn't seem to have.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                          jan@caustic.org

 "John Ashcroft is really just the reanimated corpse of
  J. Edgar Hoover." -- Tim Triche
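A mechanical version of the "list it before you untar it" advice in the thread, as an added example that is not part of the posting or of FreeBSD's tar. It assumes only Python's standard tarfile module; the archive it scans is a constructed in-memory fixture containing the kind of upward-traversal entry (and an escaping symlink) discussed above, and the check reports every member that would be written outside the chosen extraction directory.

```python
import io
import os
import tarfile


def unsafe_members(tar, dest):
    """Return names of members that would land outside ``dest``.

    Flags absolute names and ``..`` components, plus symlink and
    hardlink targets that resolve outside the extraction directory.
    """
    dest_real = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(dest_real, m.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            bad.append(m.name)
            continue
        if m.issym():
            base = os.path.dirname(target)   # symlinks resolve from their own dir
        elif m.islnk():
            base = dest_real                 # hardlinks are archive-relative
        else:
            continue
        link = os.path.realpath(os.path.join(base, m.linkname))
        if os.path.commonpath([dest_real, link]) != dest_real:
            bad.append(m.name)
    return bad


def build_sample_archive():
    """Constructed fixture: benign file, traversal entry, escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("apache/README", "../../etc/inetd.conf"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("apache/conf")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
    return buf.getvalue()


def check_archive(blob, dest="/tmp/untar"):
    """Scan an in-memory archive; returns the offending member names."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        return unsafe_members(tar, dest)
```

Python 3.12 and later can do the same rejection at extraction time with `extractall(filter="data")`; this check shows what that filter has to look for.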