At 00:49 30.11.2006, you wrote:
I personally have no real answers for you on this, but doesn't your
distro have 'pax' available where you could simply install the pax
package/port/whatever?
no distro - it's linux from scratch...
Gary V
At 01:54 30.11.2006, you wrote:
why can using cpio be a security risk? (i'm using cpio (GNU cpio) 2.7)
cpio can be tricked to decode multiple archive components into the same file,
overwriting previous contents, which could help in camouflaging a virus.
thank you for explaining it.
pax has
found this in amavisd.log (i inserted the line breaks for better reading...):
#
(!)WARN: Using cpio instead of pax can be a security risk;
please add: $pax='pax'; to amavisd.conf and check that the pax(1) utility
MK wrote:
found this in amavisd.log (i inserted the line breaks for better reading...):
#
(!)WARN: Using cpio instead of pax can be a security risk;
please add: $pax='pax'; to amavisd.conf and check that the
why can using cpio be a security risk? (i'm using cpio (GNU cpio) 2.7)
cpio can be tricked to decode multiple archive components into the same file,
overwriting previous contents, which could help in camouflaging a virus.
pax has options which can reduce the problem to large extent (including
tar is very much nonstandard and limited in formats ...
...nonstandard across platforms that is, each Unix variant has quite a
different tar, while pax is pretty much the same everywhere.
Mark
-
Take Surveys. Earn Cash.
