tech-userlevel archive

Re: bsdcpio and bsdtar installed by default



On Wed, Jun 04, 2008 at 10:25:37PM +0200, Joerg Sonnenberger wrote:
> FreeBSD currently has a SoC project that will extend libarchive support
> and a pax frontend might be the result. In the long run I want to
> completely move to libarchive, so it would be nice if people look at the
> differences and evaluate what is needed and what can go as historic
> legacy.

So ignoring the slur of "historic legacy", and, yes, I do realise I
am standing in the way of progress for a moment, and that it's just
something I'll have to live with for the rest of my days,

        http://www.novell.com/linux/security/advisories/2007_15_sr.html

has an interesting section about security problems in libarchive.

   - libarchive security problems

     Several problems in libarchive were fixed.

     Specially crafted tar-archives could cause programs based on
     libarchive to crash, to run into an endless loop or potentially
     to even execute arbitrary code (CVE-2007-3641, CVE-2007-3644,
     CVE-2007-3645).

Is this the same libarchive that you want to see us move towards?

Thanks,
Al

