Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)

From: Brett Glass (brett@lariat.org)
Date: 10/02/02

• Next message: f.johan.beisser: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Previous message: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• In reply to: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Next in thread: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Reply: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 01 Oct 2002 17:36:51 -0600
To: "f.johan.beisser" <jan@caustic.org>
From: Brett Glass <brett@lariat.org>

At 05:25 PM 10/1/2002, f.johan.beisser wrote:

>sadly, i have to admit that won't work, not without adding in the leading
>"/". remember that "~" is expanded to "/home/$USER".

I was using the ~ notation as a shorthand. The point is that if you can
get at a user's .forward file, that's sufficient to run code as him/her.
There are lots of other clever ways, too; that's just the first
example that came to mind.

Rather than give someone the opportunity to find a clever exploit, I think
we'd best just close the hole. ;-)

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: f.johan.beisser: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Previous message: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• In reply to: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Next in thread: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Reply: f.johan.beisser: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: OT - water in basement again ... Actually - thought I was being clever, making up new lyrics to "Another ... Guess humor is highly personal at 3:45 am. ... I admit, i didn't catch onto the rhythm at first. ... (alt.support.arthritis) Re: The factoring problem ... > I've been reading a bit on public key cryptography ... > and RSA, ... > and have to admit it's clever. ... (sci.math) Re: Aerial being fitted - what QC should I look for? ... Though I have to admit that the "being clever by buying ... forum I made sure I sought out good advice as to which aerial to buy, ... (uk.tech.digital-tv) Re: tar/security best practice (was Re: RE: Is FreeBSDs tar susceptible to this?) ... On Tue, 1 Oct 2002, Brett Glass wrote: ... > I was using the ~ notation as a shorthand. ... > Rather than give someone the opportunity to find a clever exploit, ... (FreeBSD-Security) Re: The factoring problem ... >> I've been reading a bit on public key cryptography and RSA, ... >> and have to admit it's clever. ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-10