[oclug] "tar" problem
Vic Gedris
vic at gedris.org
Thu Oct 3 12:40:00 EDT 2002
Why is it that only *this week* that I'm seeing security bulletins and
updates for "tar"? The security issue in question is the fact that you
can poison tarballs with files that extract to arbitrary places.
I remember David F. Skoll mentioned this many months (a couple of
years?) ago, and I even saw his post on Bugtraq way back when...
Ohwell.....be careful when you un-tar files, especialyl from untrusted
sources. Never do it as root.
Cheers,
Vic
--
-----------------------------------------------------------------------
Vic Gedris vic-at-gedris.org http://vic.dyndns.org/
-----------------------------------------------------------------------
More information about the OCLUG
mailing list