[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#25611: 26.0.50; dired-do-compress unpacks .tgz files
From: |
Mike Kupfer |
Subject: |
bug#25611: 26.0.50; dired-do-compress unpacks .tgz files |
Date: |
Sat, 04 Mar 2017 16:01:51 -0800 |
Glenn Morris wrote:
> Looks like this was added in https://debbugs.gnu.org/20384#11 ?
> I've cc'd the author of that change.
Thanks.
It occurs to me that this could be considered a security vulnerability.
If the .tgz file is (unintentionally) unpacked in $HOME and contains a
.ssh/authorized_keys, that could give an attacker access to the victim's
account.
mike
- bug#25611: 26.0.50; dired-do-compress unpacks .tgz files,
Mike Kupfer <=