grub and alpha tar

Richard Lightman richard at nezumi.plus.com
Tue Oct 8 04:30:58 PDT 2002


* Christian Mudra <mudra at informatik.uni-kl.de> [2002-10-08 11:56]:
> 
> I've also changed to tar 1.13.25 because of the --exclude option,
> as I need that for some automatic archive generation in nightly cronjobs.
> Have never seen any probs. But in the last days, this issue showed up:
> http://www.securityfocus.com/bid/5834
> 
This is nothing new. The bug is certainly in version 1.13, and has
probably been around for a long time. In the past the partial fix
was never to extract a tar file as root. If people think they are
safe against this, try extracing the attached archive.

WARNIMG: This archive attempts to overwrite /bin/trojan.

Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: flaw_test.tar.bz2
Type: application/octet-stream
Size: 274 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-dev/attachments/20021008/dabd5ffa/attachment.obj>


More information about the lfs-dev mailing list