On Tue, 22 Sep 1998, Willy TARREAU wrote:

> Here's an example of a tar file which will overwrite your /etc/profile to
> make it add "+ +" to root's .rhosts next time he logs in. So if part of its
> directory architecture is included in any package, a root user could un-tar
> it to any location without really noticing that /etc/profile has been
> rewritten.

Perhaps I'm being a bit harsh, but I just thought that I'd point out that certain programs have in fact been written with capabilities to modify files. If you are going to be running programs on your computer, you should expect this and take appropriate precautions. I like biosuits.

In the case of tar files, here are a couple tar options (from the tar manpage on IRIX 6.5):

    R    When extracting from tape, ignore leading slashes on file names,
         i.e., extract all files relative to the current directory. This
         also applies (as of IRIX 6.2) to any links that are restored (and
         symbolic links if specified as RR). When specified as RRR, all
         filenames (including the targets of symbolic links) are made
         directory relative; that is, they are extracted as ./filename.
         This mode is intended for the use of programs running as root,
         such as tardist, that want to be sure that they do not overwrite
         system files when extracting archives, either by accident, or
         through a trojan horse attack.

         Since the t,x and other options referring to specific files use
         pattern matching, you must omit the leading '/' when specifying
         directory or filenames with those options when using the R
         option. Thus, to extract /a/b/c with a relative pathname, you
         would do:

              tar xvR a/b/c

         Earlier releases prepended a leading '.', requiring the use of:

              tar xvR ./a/b/c

         The way to check for sure is to use:

              tar tvR | head -2

         and then use whichever format is used in the output list.

         If specified as RRR, all directory information is stripped from
         pathnames in the archive, including the pathnames of symbolic
         links. All files will be written to the current directory; no
         directories will be created; symbolic links will only refer to
         files in the current directory. Note that if two or more
         different files in the archive have the same filename but have
         different pathnames, the last file extracted will overwrite any
         earlier file with the same filename.

    N    When extracting files, extract the file only if it is new; that
         is, if the stat(2) system call fails on the pathname that is
         about to be extracted. When listing files with the t key, only
         list them if they would be extracted (that is, the file doesn't
         exist).

    w    tar prints the action to be taken followed by file name, then
         waits for user confirmation. If a word beginning with `y' is
         given, the action is done. Any other input means do not do it.

These options may or may not exist on your version of tar. But I believe the point is that you should be careful if a) you are running untrusted programs, b) you are running trusted programs with untrusted input, or c) you are running anything as root.

I fear that we may soon be seeing warnings like the following (extremely sarcastic example) on the bugtraq list. Can we avoid this please?

-------------------------------------
I too have discovered a very dangerous situation. While investigating "rm" I discovered that if you pass it a certain set of characters as parameters while running it as root, it can erase your whole filesystem! Here is the exploit command:

    rm -rf /

I tried to contact the authors of rm but I think they must all be dead (or at least senile) by now.
-------------------------------------

--
Amos Hayes
Systems Architect
ahayesat_private
Ingenia Group - Software Kinetics Ltd.
http://polkaroo.net/~ahayes
http://www.ingenia.com

"Remember: No one can make you feel inferior without your consent." - ELEANOR ROOSEVELT
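Added example, not part of the original message: a pre-extraction audit in the spirit of the "tar tv" listing check quoted above, written with Python's standard tarfile module for tar versions that lack the R option. The function names (audit_member, audit_archive, build_sample) and the sample archive are constructed for illustration.

```python
import io
import tarfile


def audit_member(name, linkname=""):
    """Return the reasons a member could land outside the extraction directory."""
    problems = []
    if name.startswith("/"):
        problems.append("absolute path")
    if ".." in name.split("/"):
        problems.append("parent-directory component")
    # Conservative: any absolute or ".."-bearing link target is reported.
    if linkname and (linkname.startswith("/") or ".." in linkname.split("/")):
        problems.append("link target outside extraction dir")
    return problems


def audit_archive(fileobj):
    """List every member without extracting; map risky names to their problems."""
    findings = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        for member in tf:
            is_link = member.issym() or member.islnk()
            problems = audit_member(member.name, member.linkname if is_link else "")
            if problems:
                findings[member.name] = problems
    return findings


def build_sample():
    """Constructed in-memory archive: two ordinary files, one absolute name, one symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("pkg/README", "pkg/bin/tool", "/etc/profile"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("pkg/conf")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../etc"
        tf.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, problems in audit_archive(build_sample()).items():
        print(f"{name}: {', '.join(problems)}")
```

Nothing is written to disk; an archive that produces any findings should be unpacked only by a non-root account in a scratch directory, if at all.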