Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] GNU tar directory traversal
From: Siim Põder (windop6drad-teel.net)
Date: Wed Nov 22 2006 - 11:12:09 CST
> Siim Põder wrote:
>> That has little to do with the actual vulnerability, hasn't it? It's a
>> possible workaround though, so that's great.
> that's not a workaround. tar is supposed to overwrite files. If you
> don't want that behavior, use "-w".
But not outside cwd or another directory specified by the -C option.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/