Jeb Osama wrote:
>
> LOLOLOLOLOLOLOLOLOL
> That's pretty much the purpose of symlinks.. What's your point in
> posting this fact in FD?

I tried to say that you shouldn't extract tar archives that come from someone you don't trust. If you extract an untrusted tar archive (for example, download it from the web, or receive it as an e-mail attachment) as root it's as bad as running an untrusted program as root because the tar archive could replace any file (/bin/ls, /bin/bash, the kernel, etc) in the system.

Even the coders of tar would realize this is a security risk. I know this because, in the tar code, they really try to make it impossible to extract files outside the "extraction directory".

-- 
fscanf(socket,"%s",buf); printf(buf);
sprintf(query, "SELECT %s FROM table", buf);
sprintf(cmd, "echo %s | sqlquery", query); system(cmd);
Teemu Salmela

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
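
An added example, not part of the original post or of tar's own code: a pre-extraction audit that lists archive members able to write outside the extraction directory. The function names, the `/srv/extract` destination and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile

def _inside(base, path):
    return path == base or path.startswith(base + os.sep)

def audit_tar(fileobj, dest="/srv/extract"):
    """Return (member name, reason) for members that could write outside dest."""
    dest = os.path.normpath(dest)
    findings, link_names = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = os.path.normpath(m.name)
            target = os.path.normpath(os.path.join(dest, m.name))
            if not _inside(dest, target):  # absolute name or ../ climbing out
                findings.append((m.name, "path escapes extraction directory"))
                continue
            parts = name.split(os.sep)
            parents = {os.sep.join(parts[:i]) for i in range(1, len(parts))}
            if parents & link_names:  # conservative: any earlier link as parent
                findings.append((m.name, "written through an archived link"))
                continue
            if m.issym() or m.islnk():
                link_names.add(name)
                # symlink targets resolve from the link's own directory,
                # hard-link targets from the archive root
                base = os.path.dirname(target) if m.issym() else dest
                resolved = os.path.normpath(os.path.join(base, m.linkname))
                if not _inside(dest, resolved):
                    findings.append((m.name, "link target outside extraction directory"))
    return findings

def build_sample():
    """Constructed in-memory archive: one benign file, three unsafe members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", kind=tarfile.REGTYPE, linkname=""):
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname, ti.size = kind, linkname, len(data)
            tar.addfile(ti, io.BytesIO(data))
        add("docs/readme.txt", b"hello\n")
        add("conf", kind=tarfile.SYMTYPE, linkname="/etc")
        add("conf/motd", b"replaced\n")
        add("../outside.txt", b"x\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for member, reason in audit_tar(build_sample()):
        print(f"{member}: {reason}")
```

On Python 3.12 and later, `tarfile`'s `extractall(filter="data")` applies comparable checks at extraction time.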
