From owner-freebsd-security Tue Oct 1 16:10:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A1C737B401 for ; Tue, 1 Oct 2002 16:10:33 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53ABA43E65 for ; Tue, 1 Oct 2002 16:10:32 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id RAA23833; Tue, 1 Oct 2002 17:10:25 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20021001170815.0345ab20@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 01 Oct 2002 17:10:23 -0600 To: "f.johan.beisser" From: Brett Glass Subject: Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?) Cc: security@FreeBSD.ORG In-Reply-To: <20021001154626.M67581-100000@pogo.caustic.org> References: <4.3.2.7.2.20021001162821.036c0530@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 04:56 PM 10/1/2002, f.johan.beisser wrote: >i guess i would be more worried about this having the ability to execute >arbitrary code as the user; which it doesn't seem to have. There are dozens of ways that it can. Think ~/.forward with a piped command, for example. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message