From owner-freebsd-security@FreeBSD.ORG  Tue Nov 28 20:53:58 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 13ADF16A509;
	Tue, 28 Nov 2006 20:53:58 +0000 (UTC) (envelope-from josh@tcbug.org)
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [204.127.200.83])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AA12243CEC;
	Tue, 28 Nov 2006 20:51:16 +0000 (GMT) (envelope-from josh@tcbug.org)
Received: from gimpy (c-24-118-173-219.hsd1.mn.comcast.net[24.118.173.219])
	by comcast.net (sccrmhc13) with ESMTP
	id <2006112820504101300arjdne>; Tue, 28 Nov 2006 20:50:41 +0000
From: Josh Paetzel <josh@tcbug.org>
To: freebsd-security@freebsd.org
Date: Tue, 28 Nov 2006 14:50:21 -0600
User-Agent: KMail/1.9.4
References: <456C6F30.2090904@FreeBSD.org> <200611281333.32259.josh@tcbug.org>
	<456C9318.4070702@FreeBSD.org>
In-Reply-To: <456C9318.4070702@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200611281450.21471.josh@tcbug.org>
Cc: Sergey Matveychuk <sem@freebsd.org>
Subject: Re: GNU Tar vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2006 20:53:58 -0000

On Tuesday 28 November 2006 13:50, Sergey Matveychuk wrote:
> Josh Paetzel wrote:
> > On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote:
> >> Please, note: http://secunia.com/advisories/23115/
> >>
> >> A port maintainer CC'ed.
> >
> > This is one of those things where the impact is hard to determine
> > because the link doesn't really give much info.  Ok, you can
> > overwrite arbitrary files.....ANY file?  Or just files that the
> > user running gtar has write access to?  If it's the first case
> > then that's huge.  If it's the second case then who really cares.
>
> I'm sure it's the second case.
> I think it should care root mostly. But any users dislike too if
> there is a chance to lost their .login, .bashrc etc.
>
> An exploit is available on SecurityFocus.

hrmm....didn't really think this one through.  I was looking at it 
from the 'you have a local user who would want to root your box using 
this' perspective.  Looking at it from a different viewpoint, 
say, 'you have someone who would like to do mean things from remote 
by providing you with corrupt tar archives' puts a different spin on 
it altogether.

-- 
Thanks,

Josh Paetzel