Read Time:26 Second
Posted by Georgi Guninski on Jan 14
Hi, thanks for the feedback š
Which version of tar is vulnerable to this attack? I am pretty sure
this was fixed in tar and zip `long long` ago.
tar and zip on fedora 38 are definitely not vulnerable, they clear
the setuid bit.
I continue to suspect this is vulnerability because:
1. There is directory traversal protection for untrusted archives
2. tar and zip and not vulnerable
bash script for setuid files in tar:
#!/bin/bash
mkdir -pā¦