[3218] in bugtraq
Re: WU.FTPD vulnerability: gnu tar possibly others
daemon@ATHENA.MIT.EDU (Christian Limpach)
Tue Aug 20 01:52:50 1996
Date: Tue, 20 Aug 1996 00:18:01 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Christian Limpach <Christian.Limpach@NICE.CH>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199608191309.OAA18348@cableol.net> (message from Alan Cox on
Mon, 19 August 1996 14:09:19 +0100)
> quote site exec tar -c -v --rsh-command=commandtorunasftp -f somebox:foo foo
since _PATH_EXECPATH defaults to /bin/ftp-exec and at least I don't
install tar therein, you can't site exec tar. I have the commands
used by ftp.conversions (like tar) in /bin. Or am I missing
something?
> Fix:
> Use a dumber tar. Also carefully evaluate any other binaries
> you have to avoid unpleasant and similar surprises.
or have no binaries in the _PATH_EXECPATH.
christian
--
Christian Limpach, CS-Student @ ETH Zurich, Switzerland.
http://nice.ethz.ch/~chris --- System-Administration VIS/NiCE
member of the managing board of VIS (http://www.vis.inf.ethz.ch/)
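
Added example (not part of the original message, nor code from wu-ftpd): a shell check for the mitigation suggested above, reporting every executable found in the SITE EXEC directory. The function name audit_execpath, the FTP root argument and the rsh-command string match are assumptions made for illustration; /bin/ftp-exec is the default named in the message.

```shell
#!/bin/sh
# Audit the directory that SITE EXEC is confined to (_PATH_EXECPATH).
# Usage: audit_execpath FTPROOT [EXECPATH]
#   FTPROOT  - root of the FTP area on this host (assumption: local layout)
#   EXECPATH - defaults to /bin/ftp-exec, the default quoted in the message
# Returns 0 when the directory is missing or holds no executables, 1 otherwise.
audit_execpath() {
    root=$1
    execpath=${2:-/bin/ftp-exec}
    dir=$root$execpath
    findings=0

    if [ ! -d "$dir" ]; then
        echo "OK: $dir does not exist"
        return 0
    fi

    # Include dotfiles; an unmatched glob stays literal and fails the -f test.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        findings=$((findings + 1))
        # Heuristic (assumption): a binary that embeds the option name from
        # the quoted command line probably accepts it.
        if grep -q -e 'rsh-command' "$f" 2>/dev/null; then
            echo "FINDING: $f is executable and contains the string rsh-command"
        else
            echo "FINDING: $f is executable"
        fi
    done

    if [ "$findings" -eq 0 ]; then
        echo "OK: no executables in $dir"
        return 0
    fi
    return 1
}

# Run the audit only when arguments are given on the command line.
if [ $# -gt 0 ]; then
    audit_execpath "$@"
fi
```

A non-zero exit status means the directory is not empty of executables, so each listed file needs the evaluation the quoted fix asks for.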