[Bug-tar] --rsh-command default

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] --rsh-command default

From:	Solar Designer
Subject:	[Bug-tar] --rsh-command default
Date:	Fri, 19 Mar 2010 12:28:54 +0300
User-agent:	Mutt/1.4.2.3i

Sergey,

In light of CVE-2010-0624, I'd like to propose a change of default for
tar.  Specifically, how about changing the --rsh-command option to have
no default?  If this option is not given, then the "remote
functionality" should be disabled.  If a filename looks like it is
"remote" and neither the --rsh-command nor the --force-local option is
given, then tar should fail with an error.

This will preserve compatibility with those existing scripts that use
the --rsh-command option explicitly, as well as indeed with those that
don't need the "remote functionality".  The few that don't pass
--rsh-command, yet rely on being able to access remote servers via tar's
compile-time default for the command, will break in a fail-close way.
I think that's OK - and is much better than the present situation, where
we are exposed to the risk of further "remote" attacks on
meant-to-be-local-only invocations of tar.

What do you think?

Thanks,

Alexander

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-tar] --rsh-command default, Solar Designer <=
- Re: [Bug-tar] --rsh-command default, Sergey Poznyakoff, 2010/03/19
  - Re: [Bug-tar] --rsh-command default, Solar Designer, 2010/03/19
  - Re: [Bug-tar] --rsh-command default, Solar Designer, 2010/03/21

Prev by Date: [Bug-tar] Re: feature request: support for multithreaded lzma(2) compression
Next by Date: Re: [Bug-tar] --rsh-command default
Previous by thread: [Bug-tar] feature request: support for multithreaded lzma(2) compression
Next by thread: Re: [Bug-tar] --rsh-command default
Index(es):
- Date
- Thread