Subject: Re: tar ignores filenames that contain `..'
To: None <current-users@netbsd.org>
From: Jed Davis <jldavis+netbsdlist@cs.oberlin.edu>
List: current-users
Date: 10/24/2002 02:58:43
On Wed, Oct 23, 2002 at 07:38:00AM -0700, Jason R Thorpe wrote:
> On Wed, Oct 23, 2002 at 11:10:19PM +0900, Shin'ichiro TAYA wrote:
>
> > After switching to pax based tar, tar ignores filenames that contain `..'.
> > But some distfile for pkgsrc contains symlinks that points to file
> > contain '..' then failes to extract.
>
> Actually, I think the new GNU tar does this too.
Not if the new GNU tar is 1.13.25 (which seems to be the version with
the fix for the security thing):
jdev@rubisco$ ls -ld foo :~
drwxr-xr-x 2 jdev wheel 512 Oct 24 02:50 foo
jdev@rubisco$ ls -l foo :~
total 0
lrwxr-xr-x 1 jdev wheel 9 Oct 24 02:50 test.c -> ../test.c
jdev@rubisco$ ident /bin/tar | grep pax :~
$NetBSD: pax.c,v 1.20 2002/10/15 16:16:30 christos Exp $
jdev@rubisco$ /bin/tar cf foo.tar foo :~
tar: Ignoring link containing `..' (../test.c)
jdev@rubisco$ /bin/tar tvf foo.tar :~
drwxr-xr-x 2 jdev wheel 0 Oct 24 02:50 foo
jdev@rubisco$ /usr/bin/tar --version :~
tar (GNU tar) 1.13.25
[copyright elided]
jdev@rubisco$ /usr/bin/tar cf foo.tar foo :~
jdev@rubisco$ /usr/bin/tar tvf foo.tar :~
drwxr-xr-x jdev/wheel 0 2002-10-24 02:50:20 foo/
lrwxr-xr-x jdev/wheel 0 2002-10-24 02:50:19 foo/test.c -> ../test.c
Both executables are from a snapshot I built on the 17th.
--Jed
--
<?xml version="1.0"?> <?xml-stylesheet href="http://panix.com/~jdev/xs/txt.xsl"
type="text/xsl"?> <sig name="Jed Davis"> <id dom="oberlin.edu" lp="sjld8197">
Student, 4th-Year</id><id dom="cs.oberlin.edu" lp="jldavis">CS Major and Student
SysAdmin</id><id dom="panix.com" lp="jdev">Panixer</id> <q href="bin.q"/> </sig>