Date: Mon, 25 Jun 2001 18:36:06 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: roshal@rarsoft.com
Cc: ache@FreeBSD.org, ports@FreeBSD.ORG
Subject: rar bsd unsafe permissions
Message-ID: <62107132848.20010625183606@SECURITY.NNOV.RU>

Hello roshal,

if default rar archive is extracted with `rar x` all files are created with 0777 permissions. It's not good.

Latest available version is 2.02. rar 2.0b has directory traversal bug, it allows creating a 'trojaned' archive which will place executable files anywhere the creator of archive wants. This bug is patched in 2.02 but I found no information on this in release notices/change log.

In conjunction, these 2 small problems create _very huge_ problem for rar users.

--
http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
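
Added example, not part of the original message: a Python sketch of the two checks the report implies when unpacking an untrusted archive, namely rejecting member names that would land outside the target directory and clearing group/other write bits on what was extracted. The function names and the sample member names are constructed for illustration; obtaining the member list from the archive tool is left to the caller.

```python
import os
import posixpath
import stat

# Constructed sample member names (not taken from any real archive).
SAMPLE_NAMES = ["docs/readme.txt", "../../usr/local/bin/tool", "/etc/rc.local"]


def unsafe_members(names):
    """Return the member names that would escape the extraction directory."""
    bad = []
    for name in names:
        # Archives built on Windows may use backslashes as separators.
        norm = posixpath.normpath(name.replace("\\", "/"))
        escapes = (
            norm.startswith("/")                # absolute path
            or norm == ".."
            or norm.startswith("../")           # climbs above the target
            or (len(norm) > 1 and norm[1] == ":")  # drive-letter path
        )
        if escapes:
            bad.append(name)
    return bad


def tighten_modes(root):
    """Clear group/other write bits below root; return the paths changed."""
    changed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            mode = stat.S_IMODE(st.st_mode)
            safe = mode & ~(stat.S_IWGRP | stat.S_IWOTH)
            if safe != mode:
                os.chmod(path, safe)
                changed.append(path)
    return changed
```

Run `unsafe_members` on the listing before extracting and refuse the archive if it returns anything; run `tighten_modes` on the extraction directory afterwards, or extract under a restrictive umask if the tool honours it.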