Hello, Siim Põder wrote: > So, for example, I make a tar archieve that contains a symlink to > 'bla'->'/etc' and 'bla/passwd', that - if opened by root - would > overwrite the passwd file.
right from the man page: A confirmation is needed if -w is used. > Discussing wether root should ever run tar is irrelevant. Agreed, the discussion whether root should *run* tar or not is irrelevant. One shouldn't *trust* tar files from unknown/untrusted sources, root or not. GTi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
