Recent Posts

Beware of wildcard paths in sudo commands

7 minute read

Say you want to allow a non-root user on Linux to execute a couple of scripts as root or another user with more privileges. A common way of doing this is to ...

Python tarfile directory traversal

12 minute read

Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...