[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] --rsh-command default

From: Solar Designer
Subject: [Bug-tar] --rsh-command default
Date: Fri, 19 Mar 2010 12:28:54 +0300
User-agent: Mutt/


In light of CVE-2010-0624, I'd like to propose a change of default for
tar.  Specifically, how about changing the --rsh-command option to have
no default?  If this option is not given, then the "remote
functionality" should be disabled.  If a filename looks like it is
"remote" and neither the --rsh-command nor the --force-local option is
given, then tar should fail with an error.

This will preserve compatibility with those existing scripts that use
the --rsh-command option explicitly, as well as indeed with those that
don't need the "remote functionality".  The few that don't pass
--rsh-command, yet rely on being able to access remote servers via tar's
compile-time default for the command, will break in a fail-close way.
I think that's OK - and is much better than the present situation, where
we are exposed to the risk of further "remote" attacks on
meant-to-be-local-only invocations of tar.

What do you think?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]