Date: Tue, 01 Oct 2002 17:10:23 -0600 From: Brett Glass <brett@lariat.org> To: "f.johan.beisser" <jan@caustic.org> Cc: security@FreeBSD.ORG Subject: Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?) Message-ID: <4.3.2.7.2.20021001170815.0345ab20@localhost> In-Reply-To: <20021001154626.M67581-100000@pogo.caustic.org> References: <4.3.2.7.2.20021001162821.036c0530@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:56 PM 10/1/2002, f.johan.beisser wrote: >i guess i would be more worried about this having the ability to execute >arbitrary code as the user; which it doesn't seem to have. There are dozens of ways that it can. Think ~/.forward with a piped command, for example. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20021001170815.0345ab20>