GNU bug report logs - #25611
26.0.50; dired-do-compress unpacks .tgz files

Previous Next

Package: emacs;

Reported by: Mike Kupfer <mkupfer <at> alum.berkeley.edu>

Date: Fri, 3 Feb 2017 03:51:02 UTC

Severity: normal

Found in version 26.0.50

Full log

View this message in rfc822 format

From: Oleh Krehel <ohwoeowho <at> gmail.com>
To: Mike Kupfer <mkupfer <at> alum.berkeley.edu>
Cc: Glenn Morris <rgm <at> gnu.org>, 25611 <at> debbugs.gnu.org
Subject: bug#25611: 26.0.50; dired-do-compress unpacks .tgz files
Date: Mon, 6 Mar 2017 11:53:15 +0100

Hi Mike,

> It occurs to me that this could be considered a security vulnerability.
> If the .tgz file is (unintentionally) unpacked in $HOME and contains a
> .ssh/authorized_keys, that could give an attacker access to the victim's
> account.

The file is uncompressed into a directory with the same name. So the
file would have to be ~/.ssh.tar.gz. If a user presses "Z" on that
file, it's pretty clear what will happen, same as with "C" on e.g. an
`authorized_keys' file somewhere.

regards,
Oleh
This bug report was last modified 6 years and 271 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.