untarring from root dir was[re: install from FreeBSD]
untarring from / is a BAD idea. there are all sorts of nasty tricks you
can do. someone posted a little tarball to bugtraq which, if extracted
in /, would overwrite /etc/passwd even though /etc/passwd did not show
up with `tar -tf blah.tar`. the fellow said it took about 3 seconds to
hexedit the tarball to not show the file.
anyways... sorry this email is so belated. i read this in Kernel Cousin
debian-hurd http://kt.linuxcare.com/KC/debian-hurd/dh20000223_36.epl
cheers,
-s
Reply to: