Announcement

Collapse
No announcement yet.

GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

    Phoronix: GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321)

    Last week was the disclosure of the Linux kernel's Dirty COW vulnerability while the latest high-profile open-source project going public with a new security CVE is GNU's Tar. Tar CVE-2016-6321 is also called POINTYFEATHER according to the security researchers...

    GNU Tar "Pointy Feather" Vulnerability Disclosed (CVE-2016-6321) - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=GNU-Tar-Pointy-Feather
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Wait, this is new? People been manually editing tar files with lots of "../" to reach the root dir for decades... It's why you're always told to extract as the user, "make" as the user, and only "make install" as root.
    • Likes 2

    Comment

    • #3
      Originally posted by c117152 View Post
      Wait, this is new? People been manually editing tar files with lots of "../" to reach the root dir for decades... It's why you're always told to extract as the user, "make" as the user, and only "make install" as root.
      GNU tar had code added to mitigate your ability to do this.

      This vulnerability is in said added code, so it's not any worse than if there was no mitigation at all (except for changing people's expectations to think that this type of attack can't happen so they don't need to bother being nonroot...)

      Comment

      • #4
        Originally posted by rincebrain View Post

        GNU tar had code added to mitigate your ability to do this.

        This vulnerability is in said added code, so it's not any worse than if there was no mitigation at all (except for changing people's expectations to think that this type of attack can't happen so they don't need to bother being nonroot...)
        Thanks for the clarification. I'm actually using the "insecure" ../ mechanism on android to dig my way out of the symbolic links soup while keeping relative paths so I was in fact expecting the exact opposite of the GNU way. 0_o

        Comment

        • #5
          It only relates to extracting parts of the archive as specified on the command line after the archive name. It's not possible within the scope of this vulnerability to escape tar's current directory.

          Comment

          Previous template Next
          Working...
          X