Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Tar extract behaviour changed
On Mon, Oct 21, 2019 at 05:34:44PM -0000, Christos Zoulas wrote:
> In article <20191021163005.GA4922%bec.de@localhost>,
> Joerg Sonnenberger <joerg%bec.de@localhost> wrote:
> >On Mon, Oct 21, 2019 at 06:29:18AM -0700, Hisashi T Fujinaka wrote:
> >> On Mon, 21 Oct 2019, Martin Husemann wrote:
> >>
> >> > On Mon, Oct 21, 2019 at 11:54:44AM +0200, J. Hannken-Illjes wrote:
> >> > > Somewhere between Netbsd-8 and NetBSD-9 "tar" changed its behaviour
> >> > > when it has to extract a directory and the path exists as a symlink.
> >> >
> >> > I still believe it should be fixed, but J?rg disagrees. You need to use -P
> >> > now. See PR 54467.
> >>
> >> Yeah it's a real pain in my you-know-what. Is it Joerg vs everyone else?
> >
> >It is NetBSD pax vs every pretty much any maintained tar implementation.
>
> Indeed, and it is a security issue revert to the original tar behavior.
> The new behavior is clearly better from a security PoV.
> What I don't like about -P though is that it is an "all or nothing" deal:
>
> N Function PaX as Tar Libarchive Tar
> ----------------------------------------------------------------------
> 1 keeping leading '/' -P -P
> 2 extracting files containing ".." --insecure -P
> 3 obeying existing symlinks default -P
>
> I would prefer to have a separate option that just does [3], but if upstream
> does not think it is useful it is better to live with -P.
Feel free to write a patch :) That said, I don't really see a point in
allowing one form of arbitrary file replacement and not another.
Joerg
Home |
Main Index |
Thread Index |
Old Index