Re: Hurd FS hierarchy (was Re: LD_LIBRARY_PATH troubles)

[Niels Möller]

Richard Kreuter <kreuter@ausar.rutgers.edu> writes:

>   <Slightly offtopic> There is also the possibility of 'malicious
> servers', say, a server that tries to remove the files in the owner's
> home directory when it starts up.

Well, translators run as the owner of the node to which they are
attached. Don't attach translators you don't trust to your files.

> Suppose a tarfs that honors translator settings in arbitrary
> archives; then looking at a filesystem presentation of an archive
> that contains such a malicious server and a node with that server
> set on it will be pretty unpleasant.

Hmm. That's slightly than tarfiles containing executables or setuid
executables. It might make sense to make tar more paranoid by default,
with some option to make it accept dangerous things.

But that paranoid tar-behaviour should also do some other checks, like
not overwriting arbitrary files (like you can do by having the tarfile
include a symlink to /somewhere, and then some contents for somewhere,
iirc), and I'd be most happy if it also requires the tar file to
create all files into a new subdirectory.

But then again, it's common practice to distribute executable code,
e.g. configure scripts, Makefile, even C-code ;-), which users are
encouraged to run, as tar files.

So translators are not the first security problem with extracting
malicious tar-files.

/Niels