untarring from root dir was[re: install from FreeBSD]

To: Marcus.Brinkmann@ruhr-uni-bochum.de
Cc: debian-hurd@lists.debian.org
Subject: untarring from root dir was[re: install from FreeBSD]
From: Stephen Waters <swaters@amicus.com>
Date: Wed, 23 Feb 2000 17:45:01 -0600
Message-id: <38B470FD.F256633F@amicus.com>

untarring from  / is a BAD idea. there are all sorts of nasty tricks you
can do. someone posted a little tarball to bugtraq which, if extracted
in /, would overwrite /etc/passwd even though /etc/passwd did not show
up with `tar -tf blah.tar`. the fellow said it took about 3 seconds to
hexedit the tarball to not show the file.

anyways... sorry this email is so belated. i read this in Kernel Cousin
debian-hurd http://kt.linuxcare.com/KC/debian-hurd/dh20000223_36.epl

cheers,
-s

Reply to:

debian-hurd@lists.debian.org
Stephen Waters (on-list)
Stephen Waters (off-list)

Prev by Date: Re: Another User!
Next by Date: Me again (Postgresql)
Previous by thread: Re: Small Bug
Next by thread: Me again (Postgresql)
Index(es):
- Date
- Thread