Date:      Tue, 1 Oct 2002 16:50:14 -0700 (PDT)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
Message-ID:  <20021001164903.H67581-100000@pogo.caustic.org>
In-Reply-To: <4.3.2.7.2.20021001173317.034cfe10@localhost>

On Tue, 1 Oct 2002, Brett Glass wrote:

> I was using the ~ notation as a shorthand. The point is that if you can
> get at a user's .forward file, that's sufficient to run code as him/her.
> There are lots of other clever ways, too; that's just the first
> example that came to mind.

ah, sorry. i've been working on scripts today. i'm in a little bit of a
literalist mindset.

> Rather than give someone the opportunity to find a clever exploit, I think
> we'd best just close the hole. ;-)

well, agreed.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

