Subject: Re: tar ignores filenames that contain `..'
To: Jason R Thorpe <email@example.com>
From: Chuck Yerkes <firstname.lastname@example.org>
Date: 10/24/2002 09:32:37
I might suggest that checking just "../" is short sighted.
Checking for combinations of one or more "../" that
pass $TOP of the tree are the dangers. Beneath my tar
"tree", I don't and shouldn't care about relative links;
only when it passes the TOP of the tree do I get anxious.
Quoting Jason R Thorpe (email@example.com):
> On Wed, Oct 23, 2002 at 11:10:19PM +0900, Shin'ichiro TAYA wrote:
> > After switching to pax based tar, tar ignores filenames that contain `..'.
> > But some distfile for pkgsrc contains symlinks that points to file
> > contain '..' then failes to extract.
> Actually, I think the new GNU tar does this too.
> -- Jason R. Thorpe <firstname.lastname@example.org>