You like symlink exploits in gnu tar , busybox tar , node tar , or one of the many other tar implementation?
You thought about directory traversal attacks using ā..ā, but not about url-encoding using ā.%2eā like Apache?
You like confused deputy attacks leading to privilege escalation, using i.e. Xorg?
I want to know your (least-) favorite filesystem bugs or exploits as long as its related to filesystem implementations , the POSIX or Linux (, maybe even Windows) filesystem API , or related to tools like tar that take some kind of filesystem snapshot.
Please open an issue on github issue tracker or write me at rnxpyke (a t) gmail (d o t) com if you have something that fits these criteria.