[Bug-tar] --rsh-command default
From: Solar Designer
Subject: [Bug-tar] --rsh-command default
Date: Fri, 19 Mar 2010 12:28:54 +0300
User-agent: Mutt/1.4.2.3i

Sergey,

In light of CVE-2010-0624, I'd like to propose a change of default for
tar. Specifically, how about changing the --rsh-command option to have
no default? If this option is not given, then the "remote
functionality" should be disabled. If a filename looks like it is
"remote" and neither the --rsh-command nor the --force-local option is
given, then tar should fail with an error.

This will preserve compatibility with those existing scripts that use
the --rsh-command option explicitly, as well as indeed with those that
don't need the "remote functionality". The few that don't pass
--rsh-command, yet rely on being able to access remote servers via tar's
compile-time default for the command, will break in a fail-close way.
I think that's OK - and is much better than the present situation, where
we are exposed to the risk of further "remote" attacks on
meant-to-be-local-only invocations of tar.

What do you think?

Thanks,
Alexander
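
The decision rule proposed in the message above, modelled as an added C example (not code from GNU tar or from the message's author). The function names, the enum, and the "looks remote" test (a ':' that is not the first character and has no '/' before it) are assumptions made for illustration; the sample names are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of resolving an archive name under the proposed policy. */
enum archive_decision { OPEN_LOCAL, OPEN_REMOTE, REFUSE };

/* Assumption: a name "looks remote" when it contains a ':' that is not
   the first character and no '/' appears before it ("host:/dev/st0"). */
static bool looks_remote(const char *name)
{
    const char *colon = strchr(name, ':');
    return colon != NULL && colon > name
        && memchr(name, '/', (size_t)(colon - name)) == NULL;
}

/* rsh_command is NULL when --rsh-command was not given; under the
   proposal no compile-time default is substituted for it. */
enum archive_decision decide_archive(const char *name,
                                     const char *rsh_command,
                                     bool force_local)
{
    if (force_local || !looks_remote(name))
        return OPEN_LOCAL;      /* remote code path is never reached */
    if (rsh_command != NULL && rsh_command[0] != '\0')
        return OPEN_REMOTE;     /* the caller opted in explicitly */
    return REFUSE;              /* fail closed: report an error */
}

int main(void)
{
    /* Constructed names: a plain file, a host:path pair, and a local
       file whose timestamp happens to contain a colon. */
    static const char *const names[] = {
        "backup.tar", "host:/dev/st0", "2010-03-19T12:28.tar",
        "./2010-03-19T12:28.tar",
    };
    static const char *const label[] = { "local", "remote", "refuse" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s no options: %-6s  with --rsh-command: %s\n",
               names[i], label[decide_archive(names[i], NULL, false)],
               label[decide_archive(names[i], "/usr/bin/ssh", false)]);
    return 0;
}
```

The third name is the meant-to-be-local case: without either option it is refused rather than handed to a remote command, and prefixing it with "./" or passing --force-local makes it local again.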