From: Brett Glass (brett_at_lariat.org)
Date: Tue Oct 01 2002 - 17:08:46 CDT

    At 03:32 PM 10/1/2002, Kris Kennaway wrote:

    >Discussions of licensing and reimplementation of GNU utilities are
    >off-topic for security. However, I encourage you to continue this
    >discussion in another forum. For example, NetBSD's pax(1) code has a
    >half-implemented GNU tar compatibility mode which could be extended to
    >cover most of the common GNU tar options.

    Yes, it does have most of the features of GNU tar. About the only thing
    it's missing is bzip2 capability, which is easy to add. Complete code
    to translate the command line options would be dull work but not
    technically challenging at all. (It could even be done by a Perl
    front end, though it'd be better to reduce it to C.)

    In the meantime, though, is there a chance that a fix for the vulnerability
    can be slipped into 4.7 prior to release? I'd hate to be exploding a
    tarball, as root, and discover that it had upreferenced to the top of
    the directory tree and installed something nasty. (If such an
    exploit were to hit /etc/crontab, it could run arbitrary code in a
    minute or less -- probably before the admin could react.)

    --Brett

    To Unsubscribe: send mail to majordomo@FreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message
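The risk Brett describes (an archive entry whose path "upreferences" out of the extraction directory, or an absolute path such as /etc/crontab) can be audited before anything is written to disk. The following is an added example, not code from this thread or from FreeBSD or NetBSD: a Python script that builds a small constructed archive containing the kinds of entries the message warns about, then lists every member that would land outside a hypothetical extraction root. It also covers the symlink variant, where a member creates a link pointing outside the root and a later member writes through it.

```python
import io
import posixpath
import tarfile

# Hypothetical extraction directory (an assumption for this example); it is only
# used for path arithmetic, nothing is written to disk.
EXTRACT_ROOT = "/var/tmp/extract"


def resolves_inside(root: str, path: str) -> bool:
    """True if `path`, interpreted relative to `root`, stays within `root`.

    posixpath.join discards `root` when `path` is absolute, so absolute
    paths fall out as "outside" without a special case; normpath collapses
    the ".." components that make a traversal entry escape.
    """
    joined = posixpath.normpath(posixpath.join(root, path))
    root = posixpath.normpath(root)
    return joined == root or joined.startswith(root + "/")


def passes_through(name: str, link_names: set) -> str:
    """Return the first ancestor of `name` that is a known symlink, else ''."""
    parts = posixpath.normpath(name).split("/")
    for i in range(1, len(parts)):
        prefix = "/".join(parts[:i])
        if prefix in link_names:
            return prefix
    return ""


def audit_archive(data: bytes, root: str = EXTRACT_ROOT) -> list:
    """Return (member_name, reason) for each member that would write outside `root`.

    Members are examined in archive order because an extractor creates them in
    that order: a symlink created early changes where later paths resolve.
    """
    findings = []
    escaping_links = set()  # symlink members whose target leaves the root
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            name = m.name
            if posixpath.isabs(name):
                findings.append((name, "absolute path"))
            elif not resolves_inside(root, name):
                findings.append((name, "path escapes extraction root"))
            elif passes_through(name, escaping_links):
                via = passes_through(name, escaping_links)
                findings.append((name, "writes through escaping symlink " + via))
            elif m.issym():
                # A relative symlink target is resolved from the link's own directory.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if not resolves_inside(root, target):
                    findings.append((name, "symlink target escapes extraction root"))
                    escaping_links.add(posixpath.normpath(name))
            elif m.islnk() and not resolves_inside(root, m.linkname):
                # Hard-link targets are archive-relative, not relative to the member.
                findings.append((name, "hard link target escapes extraction root"))
    return findings


def build_sample_archive() -> bytes:
    """Construct an in-memory tar with one benign entry and several escaping ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name, content):
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))

        def add_symlink(name, target):
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tf.addfile(info)

        add_file("pkg/README", b"harmless\n")                    # stays in root
        add_file("../../etc/crontab", b"# constructed placeholder\n")  # ".." traversal
        add_file("/etc/crontab", b"# constructed placeholder\n")       # absolute path
        add_symlink("pkg/latest", "README")                     # benign in-root link
        add_symlink("pkg/link", "../../../etc")                 # link pointing outside
        add_file("pkg/link/crontab", b"# constructed placeholder\n")   # write through it
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_archive(build_sample_archive()):
        print(f"{member!r}: {reason}")
```

Running it reports four members: the `..` entry, the absolute entry, the escaping symlink, and the file written through that symlink, while `pkg/README` and the in-root `pkg/latest` link pass. The same check can be run over a real tarball by passing its bytes to `audit_archive` before extracting as root.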