Date: Tue, 1 Oct 2002 16:25:57 -0700 (PDT) From: "f.johan.beisser" <jan@caustic.org> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?) Message-ID: <20021001162006.C67581-100000@pogo.caustic.org> In-Reply-To: <4.3.2.7.2.20021001170815.0345ab20@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Oct 2002, Brett Glass wrote: > There are dozens of ways that it can. Think ~/.forward with a piped > command, for example. sadly, i have to admit that won't work, not without adding in the leading "/". remember that "~" is expanded to "/home/$USER". if you can presume your victim will execute from a specific directory - say "/home/foo/tmp" - you could include "./../../.forward" inside a subdirectory. but, what's the guantee that they will be that consistant? assuming they're untarring in /usr/tmp, /var/tmp, or /tmp will also not really work, unless you're attacking a specific victim, and have pre-existing knowledge of their machines setup. while i do see this as being exploitable, i don't see it being something that can't be overcome by education and warning. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021001162006.C67581-100000>