GNU bug report logs - #25611
26.0.50; dired-do-compress unpacks .tgz files


Package: emacs;

Reported by: Mike Kupfer <mkupfer <at> alum.berkeley.edu>

Date: Fri, 3 Feb 2017 03:51:02 UTC

Severity: normal

Found in version 26.0.50



Message #11 received at 25611 <at> debbugs.gnu.org (full text, mbox):

From: Mike Kupfer <mkupfer <at> alum.berkeley.edu>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 25611 <at> debbugs.gnu.org, ohwoeowho <at> gmail.com
Subject: Re: bug#25611: 26.0.50; dired-do-compress unpacks .tgz files
Date: Sat, 04 Mar 2017 16:01:51 -0800

Glenn Morris wrote:

> Looks like this was added in https://debbugs.gnu.org/20384#11 ?
> I've cc'd the author of that change.

Thanks.

It occurs to me that this could be considered a security vulnerability.
If the .tgz file is (unintentionally) unpacked in $HOME and contains a
.ssh/authorized_keys, that could give an attacker access to the victim's
account.

mike
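
The risk raised in the message above can be checked before anything is unpacked. The following Python sketch is an added example, not code from Emacs or from this bug thread: it reads a .tgz listing without extracting and reports members that would land in login-relevant paths if the archive were unpacked in $HOME. It also goes one step beyond the message by flagging members that escape the extraction directory. The watch-list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

# Assumed watch-list: top-level names (relative to the extraction directory)
# whose creation or overwrite in $HOME affects logins or what runs at login.
SENSITIVE = {".ssh", ".bashrc", ".bash_profile", ".profile", ".zshrc",
             ".emacs", ".emacs.d", ".config"}


def risky_members(fileobj, sensitive=SENSITIVE):
    """Return (name, reason) pairs for members that are unsafe to unpack
    into the current directory. Only the listing is read; nothing is written."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            # Normalise so "./.ssh/x" and "a/../.ssh/x" are both seen as ".ssh/x".
            norm = posixpath.normpath(member.name)
            top = norm.split("/")[0]
            if norm.startswith("/") or top == "..":
                findings.append((member.name, "escapes extraction directory"))
            elif top in sensitive:
                findings.append((member.name, "writes under " + top))
    return findings


def build_sample():
    """Constructed sample .tgz, built in memory so the example runs offline."""
    entries = (
        ("project/README", b"hello\n"),
        (".ssh/authorized_keys", b"constructed placeholder, not a real key\n"),
        ("../outside.txt", b"x\n"),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in risky_members(build_sample()):
        print(f"{name}: {reason}")
```
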




This bug report was last modified 6 years and 272 days ago.
