[1424] in linux-security and linux-alert archive
[linux-security] Re: Re: GNU tar vulnerability
daemon@ATHENA.MIT.EDU (Comfort is Treachery)
Tue Feb 4 20:31:00 1997
Date: Tue, 4 Feb 1997 22:46:06 +0100 (MET)
From: Comfort is Treachery <wvdputte@reptile.rug.ac.be>
To: linux-security@redhat.com
In-Reply-To: <Pine.SUN.3.95.970203200557.16787B-100000@kiki>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> Well, I've tried on Linux and HPUX, and when you do : tar xvf file.tar
> all the files have got the ID of the user who have done the tar command.
run tar as root?
don't use the -p flag
> Anyway, it seems to be normal, you can't put your home linux root shell on
> a disk and then after mount the disk on an other Linux system as a
> normal user and run your root shell ...
you would let users mount remote file systems? with the suid flag
switched on in /etc/fstab?
god....
[Mod: Lets consider this topic closed as it is clearly a case of
misconfigured system -- alex]
*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*
Wim Vandeputte --So pound the nails in tight--