[Ilugc] TAR security

• From: kapil@xxxxxxxxxxx (Kapil Hari Paranjape)
• Date: Sat Jul 5 19:45:13 2008

Hello,

On Sat, 05 Jul 2008, Masatran, R. Deepak wrote:

It is the responsibility of the archive creator to follow the convention.
What if the archive was created from within the directory, ie, what if:

    cd foo && tar -cf ../foo.tar *

Malicious tricks are also possible: For example, if I am extracting
something in my home directory, what if the archive overwrote .bash_profile
or .bashrc ?

Why not experiment and find out?! 

On Fri, 04 Jul 2008, Kapil Hari Paranjape wrote:

(Don't believe me! Just test it out!)

Hint: You need to _force_ GNU tar to create an archive with funny
paths by using the " -P " option. Do not use this option while
extracting the archive and see what happens.

Regards,

Kapil.
--

• References:
  • [Ilugc] TAR security
    • From: Masatran, R. Deepak
  • [Ilugc] TAR security
    • From: Arun Khan
  • [Ilugc] TAR security
    • From: Masatran, R. Deepak
  • [Ilugc] TAR security
    • From: Kapil Hari Paranjape

Other related posts:

• » [Ilugc] TAR security- Masatran, R. Deepak
• » [Ilugc] TAR security- Arun Khan
• » [Ilugc] TAR security- Kapil Hari Paranjape
• » [Ilugc] TAR security- Masatran, R. Deepak
• » [Ilugc] TAR security - Kapil Hari Paranjape

1. Home
2. ilugc
3. Archive
4. 07-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---