Skip to main content.

2002-Oct-07

send-pr for tar vulnerabilities: security/18578. Arbitrary files can be overwritten during archive extraction. I think that the /usr/bin/tar should be a wrapper for pax. (wiz said new "pax-as-tar handles this correctly"; closed PR on 19/Jan/2003. Fix needs to be done in official release though.)

slip no longer working from 1.5.3 to new 1.6. No errors, just no traffic. netstat tells me that it is receiving traffic when I ping it, but nothing returns:

sl0*  296                                  57722          0
(Also slstats shows no traffic sent.)

I know the serial (non-slip) connection works fine, because I can run a getty on it and then login with cu just fine.

I send-pr'd this on Oct. 25. (See later.)