[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tarfs implementation

From: Richard Kreuter
Subject: Re: tarfs implementation
Date: Tue, 19 Mar 2002 11:37:55 -0500
User-agent: Mutt/1.3.27i

On Tue, Mar 19, 2002 at 03:39:05PM +0100, Ludovic Courts wrote:
> Several people have recently talked about the potential security
> risks implied by the use of a tarfs server. Since this is a quite
> famous example, I'm wondering: has anyone already started
> implementing it? If not, I would be interested in trying to dive
> into it (even though I actually don't know much about tar, while
> Thomas Bushnell has been involved in its development, right?).

  There are some discussions of this in the list archives of
debian-hurd and bug-hurd.  If I understand and remember these
discussions correctly, the first thing for an enterprising hacker to
do is to add some gnu extensions to tar (e.g. to store and restore
translator settings, node author fields, permissions for users without
auth tokens and so forth).  However, the tar source has been described
as being pretty hairy, and not for the fainthearted.

Hope that helps,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]