Numbers Ownership after tarring
Matthew Miller
mattdm at mattdm.org
Fri Apr 15 13:25:03 UTC 2005
On Fri, Apr 15, 2005 at 12:54:51PM +0900, Mark Sargent wrote:
> yes, of course, but, it's handy to have the option. Example, when
> downloading/installing phpmyadmin, I had to cp the tar.gz to
> /var/www/html, cd into the html dir, extract, then rm the tar.gz. Much
> faster to just tar with the options --directory= and --no-same-name and
> then it's just a matter of cd'ing into the new directory..cheers.
But much more dangerous. See this, for example:
<http://rhn.redhat.com/errata/RHSA-2002-096.html>
A directory traversal vulnerability in unzip version 5.42 and earlier,
as well as GNU tar 1.13.19 and earlier, allows attackers to overwrite
arbitrary files during archive extraction via a ".." (dot dot) in an
extracted filename. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2001-1267 and CAN-2001-1268 to
this issue.
That was several years ago, but there could be other such problems. You're
untarring in /var/www/html, and oops, the archive contains
../../../etc/passwd....
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-list
mailing list