Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
From: f.johan.beisser (jan@caustic.org)
Date: 10/02/02
- Next message: Klaus Steden: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Previous message: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- In reply to: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Next in thread: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Reply: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 1 Oct 2002 16:25:57 -0700 (PDT) From: "f.johan.beisser" <jan@caustic.org> To: Brett Glass <brett@lariat.org>
On Tue, 1 Oct 2002, Brett Glass wrote:
> There are dozens of ways that it can. Think ~/.forward with a piped
> command, for example.
sadly, i have to admit that won't work, not without adding in the leading
"/". remember that "~" is expanded to "/home/$USER". if you can presume
your victim will execute from a specific directory - say "/home/foo/tmp"
- you could include "./../../.forward" inside a subdirectory. but, what's
the guantee that they will be that consistant?
assuming they're untarring in /usr/tmp, /var/tmp, or /tmp will also not
really work, unless you're attacking a specific victim, and have
pre-existing knowledge of their machines setup.
while i do see this as being exploitable, i don't see it being something
that can't be overcome by education and warning.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan@caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Klaus Steden: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Previous message: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- In reply to: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Next in thread: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Reply: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
