Date:      Tue, 1 Oct 2002 18:31:28 -0700 (PDT)
From:      Brian Behlendorf <brian@hyperreal.org>
To:        Klaus Steden <klaus@compt.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
Message-ID:  <20021001183010.E58068-100000@yez.hyperreal.org>
In-Reply-To: <20021001193024.A24818@cthulu.compt.com>

On Tue, 1 Oct 2002, Klaus Steden wrote:
> With all due respect, running 'tar tf' before extracting a tarball as root is
> a good idea, and a good habit to get into.

So, fix the ports system then to include a step whereby someone has to
pause the installation process to review the output of tar before allowing
it to proceed.

Oh, that would be a pain, wouldn't it?

Like someone said, POLA.

	Brian

