[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] BUG: incorrectly creates hard links in archive
From: |
Gunnar Ritter |
Subject: |
Re: [Bug-tar] BUG: incorrectly creates hard links in archive |
Date: |
Sat, 10 Jul 2004 20:04:28 +0200 |
User-agent: |
nail 10.9pre 7/10/04 |
Joerg Schilling <address@hidden> wrote:
> >From: Toby Peterson <address@hidden>
> >[...]
> >-rw-r--r-- toby/toby 5 Jul 9 17:30 2004 tartest/test1/test.txt
> >-rw-r--r-- toby/toby 0 Jul 9 17:30 2004 tartest/test1/test.txt
> >[...]
>
> This is a problem that I dod document quite some time ago...
>
> It allows you to use most tar implementations to be used to remve
> arbitrary files! I call it a big security issue for this reason.
This is certainly not a security issue since tar is able to delete
the content of arbitrary files anyway, or to create directories,
symlinks or FIFOs in their place.
Users just have to look at the contents of tar archives very carefully
before they try to extract them.
Gunnar
--
http://omnibus.ruf.uni-freiburg.de/~gritter