
[LOTP] Add tar

Open fproulx-boostsecurity opened this issue 7 months ago • 0 comments

Description of the LOTP tool

tar is a common UNIX tool to create and extract tarballs.

zipslip

https://security.snyk.io/research/zip-slip-vulnerability

Tools like tar can, if used with dangerous flags, lead to arbitrary file writes outside the "sandbox". This requires using -P / --absolute-paths (as documented here: https://man.freebsd.org/cgi/man.cgi?tar(1)#SECURITY).

fproulx-boostsecurity, Jul 17 '24 15:07
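
A pre-extraction check for the risk described in this issue, as an added example that is not part of the original issue or the LOTP project: it lists the members of a tarball and reports any that would be written outside the destination directory. The function names, the `extract` destination and the in-memory sample archive are constructed for illustration, and the link-target checks go beyond the absolute-path case the issue names.

```python
import io
import os
import tarfile

def build_sample_archive() -> bytes:
    """Constructed sample: benign file, absolute path, '..' traversal, symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "/etc/cron.d/job", "../../outside.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo(name="docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    return buf.getvalue()

def _inside(root: str, path: str) -> bool:
    """True when the normalised path stays under root."""
    return os.path.commonpath([root, os.path.normpath(path)]) == root

def unsafe_members(archive: bytes, dest: str) -> list:
    """Return (member name, reason) for entries that would land outside dest."""
    root = os.path.realpath(dest)
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar:
            target = os.path.join(root, m.name)
            if os.path.isabs(m.name):
                findings.append((m.name, "absolute path"))
            elif not _inside(root, target):
                findings.append((m.name, "parent-directory traversal"))
            elif m.issym() and not _inside(
                    root, os.path.join(os.path.dirname(target), m.linkname)):
                findings.append((m.name, "symlink target outside destination"))
            elif m.islnk() and not _inside(root, os.path.join(root, m.linkname)):
                findings.append((m.name, "hard link target outside destination"))
    return findings

if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample_archive(), "extract"):
        print(f"REJECT {name}: {reason}")
```

Running the check as a pipeline step before any `tar -x` call lets the job fail on a flagged archive instead of relying on the extraction flags alone.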