untarring from root dir was[re: install from FreeBSD]

untarring from / is a BAD idea. there are all sorts of nasty tricks you
can do. someone posted a little tarball to bugtraq which, if extracted
in /, would overwrite /etc/passwd even though /etc/passwd did not show
up with `tar -tf blah.tar`. the fellow said it took about 3 seconds to
hexedit the tarball to not show the file.

anyways... sorry this email is so belated. i read this in Kernel Cousin
debian-hurd http://kt.linuxcare.com/KC/debian-hurd/dh20000223_36.epl
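
Added example, not part of the original post and not a reproduction of the bugtraq tarball: a pre-extraction check that reports every archive member that would land outside a dedicated unpack directory. The function names, the `/tmp/unpack` destination and the sample archive are assumptions constructed for the illustration. It uses Python's `tarfile` parser and never extracts anything.

```python
import io
import os
import tarfile


def inside(dest, path):
    """True if path, once normalised, stays under dest."""
    return os.path.commonpath([dest, os.path.normpath(path)]) == dest


def audit(archive_bytes, dest="/tmp/unpack"):
    """Return (member name, reason) for members unsafe to unpack into dest."""
    dest = os.path.abspath(dest)
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar:
            target = os.path.join(dest, m.name)  # absolute names replace dest
            if not inside(dest, target):
                findings.append((m.name, "path escapes destination"))
            elif m.issym() and not inside(
                    dest, os.path.join(os.path.dirname(target), m.linkname)):
                findings.append((m.name, "symlink points outside"))
            elif m.islnk() and not inside(dest, os.path.join(dest, m.linkname)):
                findings.append((m.name, "hard link points outside"))
            elif m.isdev():
                findings.append((m.name, "device node"))
    return findings


def build_sample(hostile=True):
    """Constructed demo archive held in memory; nothing is written to disk."""
    names = ["docs/README"]
    if hostile:
        names += ["../../etc/passwd", "/etc/passwd"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        if hostile:
            link = tarfile.TarInfo("docs/escape")
            link.type = tarfile.SYMTYPE
            link.linkname = "../../etc"  # resolves above the unpack directory
            tar.addfile(link)
    return buf.getvalue()
```

Extract only the members that pass, with the same library that did the check, and into a fresh directory rather than `/`.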


