[1424] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: GNU tar vulnerability

daemon@ATHENA.MIT.EDU (Comfort is Treachery)
Tue Feb 4 20:31:00 1997

Date: Tue, 4 Feb 1997 22:46:06 +0100 (MET)
From: Comfort is Treachery <wvdputte@reptile.rug.ac.be>
To: linux-security@redhat.com
In-Reply-To: <Pine.SUN.3.95.970203200557.16787B-100000@kiki>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

> Well, I've tried on Linux and HPUX, and when you do : tar xvf file.tar
> all the files have got the ID of the user who have done the tar command.

run tar as root?
don't use the -p flag

> Anyway, it seems to be normal, you can't put your home linux root shell on
> a disk and then after mount the disk on an other Linux system as a
> normal user and run your root shell ...

you would let users mount remote file systems? with the suid flag 
switched on in /etc/fstab?

god....

[Mod: Lets consider this topic closed as it is clearly a case of
misconfigured system -- alex]

*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*
Wim Vandeputte                                --So pound the nails in tight-- 


home help back first fref pref prev next nref lref last post