Package: tar
Version: 1.14-2.4
Severity: grave
Tags: security
Justification: renders package unusable

# cd /; tar -f /dev/mt0 etc var usr home

behaved unexpectedly. There wasn't a device /dev/mt0, but instead a backup was created in a regular file until the partition was filled.

This behavior is misleading, and a security hole, because the administrator can be left thinking he backed up the system, while in effect he backed it up to his own disk, and ends with nothing on tape.

Some warning ought to be issued that /dev/ddn is accessed and there is no such device, as it is unexpected behavior to create huge tarballs under /dev.

Rgds,
[EMAIL PROTECTED]

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.24.2-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages tar depends on:
ii  libc6  2.3.2.ds1-22sarge6  GNU C Library: Shared libraries an

-- no debconf information
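The failure described in the report above can be caught before tar runs by checking that the target is an existing character device. The following wrapper is an added example, not part of the original report or of tar; the function names check_backup_target and backup_to_device are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to write a backup unless the target is a real
# character device node. Function names are illustrative, not part of tar.

# check_backup_target PATH
# Returns 0 only if PATH exists and is a character special file, as a
# tape device node would be. Returns 1 if it is missing and 2 if it
# exists with another type (regular file, directory, ...).
check_backup_target() {
    target=$1
    if [ ! -e "$target" ]; then
        # This is the case from the report: with no device node present,
        # tar would create a regular file at this path and fill the disk.
        echo "refusing: $target does not exist; tar would create a regular file" >&2
        return 1
    fi
    if [ ! -c "$target" ]; then
        echo "refusing: $target exists but is not a character device" >&2
        return 2
    fi
    return 0
}

# backup_to_device DEVICE DIR...
# Runs tar only after the target check passes, so a missing device node
# stops the backup with a non-zero status instead of silently writing
# the archive to local disk.
backup_to_device() {
    device=$1
    shift
    check_backup_target "$device" || return $?
    tar -cf "$device" "$@"
}
```

A backup job would call it as `backup_to_device /dev/mt0 etc var usr home` from `/` and treat any non-zero exit status as a failed backup.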