Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
From: Brett Glass (brett@lariat.org)
Date: 10/02/02
- Next message: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Previous message: f.johan.beisser: "Re: RE: Is FreeBSD's tar susceptible to this?"
- In reply to: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Next in thread: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Reply: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 01 Oct 2002 17:10:23 -0600 To: "f.johan.beisser" <jan@caustic.org> From: Brett Glass <brett@lariat.org>
At 04:56 PM 10/1/2002, f.johan.beisser wrote:
>i guess i would be more worried about this having the ability to execute
>arbitrary code as the user; which it doesn't seem to have.
There are dozens of ways that it can. Think ~/.forward with a piped
command, for example.
--Brett
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Previous message: f.johan.beisser: "Re: RE: Is FreeBSD's tar susceptible to this?"
- In reply to: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Next in thread: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Reply: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
