Subject: re: tar ignores filenames that contain `..'
To: David Laight <david@l8s.co.uk>
From: matthew green <mrg@eterna.com.au>
List: tech-security
Date: 10/31/2002 21:26:04
   On Sat, Oct 26, 2002 at 11:17:32AM -0400, Todd Vierling wrote:
   > And one more round, after thinking about it last night.
   > 
   > It occurred to me that, now that the assessment of the issue has changed
   > from the content of symlinks to the act of *following* symlinks, that the
   > protections mentioned in the proposal could be applied as default behavior,
   > and all this can be distilled/simplified further.
   
   Since the actual problem is that following a symlink might take
   you outside the current directory hierarchy, why not make pax
   chroot to the current directory before reading the archive?
   
   Have I missed something?

can't chroot as a normal user?


how about systrace?  ;-)



.mrg.
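
The concern in the quoted text, that following a symlink during extraction can lead outside the current directory hierarchy, can also be checked before extraction without chroot or any privilege. The following is an added example, not part of the original message and not pax or tar code. The function names and the sample archive are constructed for illustration, and it tracks only symlinks the archive itself creates, not ones already on disk.

```python
import io
import posixpath
import tarfile

def resolve(path, links, depth=0):
    """Resolve a member path against the extraction root, following symlinks
    the archive itself created earlier. Returns None if it leaves the root."""
    if path.startswith("/") or depth > 16:   # absolute name or symlink loop
        return None
    parts, comps = [], path.split("/")
    for i, comp in enumerate(comps):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                return None                  # climbs above the root
            parts.pop()
            continue
        parts.append(comp)
        cur = "/".join(parts)
        if cur in links:                     # this component is a symlink
            new = posixpath.join(posixpath.dirname(cur), links[cur], *comps[i + 1:])
            return resolve(new, links, depth + 1)
    return "/".join(parts)

def escaping_members(tar):
    """Names of members whose extraction would follow a symlink (or `..`)
    out of the root. A symlink's content alone is not flagged."""
    links, flagged = {}, []
    for m in tar.getmembers():
        where = resolve(m.name, links)
        if where is None:
            flagged.append(m.name)
        elif m.issym():
            links[where] = m.linkname        # remember it for later members
    return flagged

def build_sample():
    """Constructed in-memory archive; all names are made up."""
    entries = [("docs/readme.txt", None), ("out", "../outside"),
               ("out/evil.txt", None), ("inner", "docs"),
               ("inner/notes.txt", None), ("abs", "/tmp"),
               ("abs/file", None), ("a/../../top.txt", None)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries:
            ti = tarfile.TarInfo(name)
            if target is not None:
                ti.type, ti.linkname = tarfile.SYMTYPE, target
            tar.addfile(ti)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

The symlinks `out` and `abs` are not flagged themselves; only the members that would be written through them are, along with the plain `..` escape.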