GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

  • GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

    Phoronix: GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

    Last week was the disclosure of the Linux kernel's Dirty COW vulnerability while the latest high-profile open-source project going public with a new security CVE is GNU's Tar. Tar CVE-2016-6321 is also called POINTYFEATHER according to the security researchers...

    http://www.phoronix.com/scan.php?pag...Pointy-Feather

  • #2
    Wait, this is new? People have been manually editing tar files with lots of "../" to reach the root dir for decades... It's why you're always told to extract as the user, "make" as the user, and only "make install" as root.

    • #3
      Originally posted by c117152
      Wait, this is new? People have been manually editing tar files with lots of "../" to reach the root dir for decades... It's why you're always told to extract as the user, "make" as the user, and only "make install" as root.
      GNU tar had code added to mitigate your ability to do this.

      This vulnerability is in said added code, so it's not any worse than if there was no mitigation at all (except for changing people's expectations to think that this type of attack can't happen so they don't need to bother being nonroot...)

      • #4
        Originally posted by rincebrain

        GNU tar had code added to mitigate your ability to do this.

        This vulnerability is in said added code, so it's not any worse than if there was no mitigation at all (except for changing people's expectations to think that this type of attack can't happen so they don't need to bother being nonroot...)
        Thanks for the clarification. I'm actually using the "insecure" ../ mechanism on Android to dig my way out of the symbolic links soup while keeping relative paths so I was in fact expecting the exact opposite of the GNU way. 0_o

        • #5
          It only relates to extracting parts of the archive as specified on the command line after the archive name. It's not possible within the scope of this vulnerability to escape tar's current directory.
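
The thread's point that tar's own "../" mitigation should not be the only safeguard can be backed by auditing member names before extraction. The sketch below is an added example, not code from the thread or from GNU tar; it is a general pre-extraction check rather than a reproduction of CVE-2016-6321, and the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def escapes(base, path):
    """True if `path`, resolved against directory `base`, leaves the extraction root."""
    if path.startswith("/"):
        return True
    resolved = posixpath.normpath(posixpath.join(base, path))
    return resolved == ".." or resolved.startswith("../")


def audit_tar(fileobj):
    """Return (member name, reason) pairs for entries that should not be extracted blindly."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            if escapes("", member.name):
                findings.append((member.name, "name escapes extraction directory"))
            elif member.issym() and escapes(posixpath.dirname(member.name), member.linkname):
                findings.append((member.name, "symlink target escapes extraction directory"))
            elif member.islnk() and escapes("", member.linkname):
                findings.append((member.name, "hard link target escapes extraction directory"))
            elif member.ischr() or member.isblk():
                findings.append((member.name, "device node"))
    return findings


def build_sample():
    """Constructed in-memory archive: one benign file, one '../' name, one escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name in ("project/README", "project/../../etc/constructed-example"):
            info = tarfile.TarInfo(name)
            data = b"constructed sample\n"
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("project/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        archive.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in audit_tar(build_sample()):
        print(f"{name}: {reason}")
```

Running the audit as an unprivileged user before any extraction keeps the check independent of whichever tar implementation later unpacks the archive.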
