Full Disclosure mailing list archives

Re: unarj dir-transversal bug (../../../..)
From: evilninja <evilninja () gmx net>
Date: Tue, 12 Oct 2004 13:53:41 +0200

Chris Umphress wrote:
> > ...somehow i don't expect programs to mess with /usr. not as a user and
> > not as root.
>
> I just picked /usr, it could have been /etc, /var or any other
> standard directory that every *nix distribution has. Regardless, if I
> try to make unarj write to a directory that I don't have the
> necessary permissions for, it asks me to pick an alternate location
> to extract to.

yes, but this is the point! when i happen to unarj a package with the
unarj version you have as user "root", then unarj *will* have the
permission to overwrite /etc or whatever. it won't kindly ask but just
overwrite, or does it? (you've shown unarj in action with sudo when
test.txt was non-existent).

--
BOFH excuse #290:

The CPU has shifted, and become decentralized.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
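The thread turns on what an extractor does with a member name such as ../../../.. when it runs with root's permissions. The check below is an added example, not part of this message and not unarj's own code: the function name `member_name_is_safe` is hypothetical, the sample names are constructed, and treating backslash as a separator is an assumption made because ARJ archives originate on DOS.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from unarj): separators are '/' and, as a
 * conservative assumption for DOS-made archives, '\\'. */
static bool is_sep(char c) { return c == '/' || c == '\\'; }

/* Returns true only if the member name, joined to the extraction
 * directory, cannot name a path outside that directory. */
bool member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (is_sep(name[0]))                 /* absolute path, e.g. /etc/... */
        return false;
    if (name[1] == ':')                  /* DOS drive prefix, e.g. C:... */
        return false;

    const char *p = name;
    while (*p != '\0') {
        size_t len = 0;
        while (p[len] != '\0' && !is_sep(p[len]))
            len++;                       /* measure one path component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;                /* parent-directory component */
        p += len;
        while (is_sep(*p))
            p++;                         /* skip one or more separators */
    }
    return true;
}

int main(void)
{
    /* Constructed sample names, not taken from a real archive. */
    const char *samples[] = {
        "docs/readme.txt", "../../../../etc/test.txt", "/etc/test.txt",
        "a/../../b", "..\\..\\x", "notes..txt", "a/..hidden/b", "C:\\x",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i],
               member_name_is_safe(samples[i]) ? "extract" : "REJECT");
    return 0;
}
```

A name check of this kind does not depend on file permissions, so it gives the same answer whether the extractor runs as a user or as root.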
