[Stable 7] CPIO breakage/
Sean
sean at gothic.net.au
Thu Jun 17 22:30:10 UTC 2010
On 18/06/2010, at 8:02 AM, Leif Walsh wrote:
> On Thu, Jun 17, 2010 at 2:54 PM, Sean <sean at gothic.net.au> wrote:
>> Easy.
>> Create a symlink etc, to /etc
>> Create a file etc/passwd containing whatever you want.
>
> This could be an artifact of coming from the Linux world and knowing
> little about the BSD kernel (and I should probably lurk a bit longer
> before posting on a new list), but wouldn't the symlink resolve and
> result in a totally new chain of lookup/permissions calls? I don't
> see how making a symlink to a location allows you to change the
> permissions of that location just by changing the permissions of the
> symlink.
>
It only works if the user extracting already has permission to write there anyway. It's a means of taking advantage of a privileged user who extracts the tar.
> --
> Cheers,
> Leif
More information about the freebsd-stable
mailing list