Subject: Re: tar ignores filenames that contain `..'
To: <>
From: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
List: tech-pkg
Date: 10/31/2002 10:48:32
--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Oct 31, 2002 at 09:37:25AM +0000, David Laight wrote:
> On Sat, Oct 26, 2002 at 11:17:32AM -0400, Todd Vierling wrote:
> > And one more round, after thinking about it last night.
> >=20
> > It occurred to me that, now that the assessment of the issue has changed
> > from the content of symlinks to the act of *following* symlinks, that t=
he
> > protections mentioned in the proposal could be applied as default behav=
ior,
> > and all this can be distilled/simplified further.
>=20
> Since the actual problem is that following a symlink might take
> you outside the current directory hierarchy, why not make pax
> chroot to the current directory before reading the archive?
>=20
> Have I missed something?
-C. And if I'm not wrong, thats positional, so potentially multiple -Cs.
-is
--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: 2.6.i
iQEVAgUBPcD8TDCn4om+4LhpAQGDlggAlOyJFhhHbiiIya0kvOhuZ7qZ2AJXncRF
Y49LdBgLGeB9TbUQsAzZ2FT8w15jY4KfENoo/0AyGNIWl7JcMUxRIyJmCFrtSB8X
wzkIBpfJIGitvGRGPWxuKkrP7ApDMsMzBZQkNt+ytGYIxW3T8mwWsOU3W7+DwpTd
YBhhs1RR2LhWsRSHjpXF4gMngbVu2+ctgHdkVyMcAHyb+7y4J2JTbQ9k2JjjKLz0
eKuI7aZ3gS2FFjU0hvCVHvi3niAAqwzFcXq2L6DbZqUBe359sC2b84inI3xg29WS
QkP05jrozjBm6kj1hqb7u4bKo6H3DVe72O3aVlLe5e6YGjWFRGlAHA==
=Ihed
-----END PGP SIGNATURE-----
--9jxsPFA5p3P2qPhR--