Re: Tar extract behaviour changed

To: current-users%netbsd.org@localhost
Subject: Re: Tar extract behaviour changed
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Tue, 22 Oct 2019 14:27:39 +0200

On Tue, Oct 22, 2019 at 07:26:05AM +0200, Martin Husemann wrote:
> On Tue, Oct 22, 2019 at 06:37:44AM +0700, Robert Elz wrote:
> >     Date:        Mon, 21 Oct 2019 21:20:25 +0200
> >     From:        Joerg Sonnenberger <joerg%bec.de@localhost>
> >     Message-ID:  <20191021192025.GA33725%bec.de@localhost>
> > 
> >   | That said, I don't really see a point in
> >   | allowing one form of arbitrary file replacement and not another.
> > 
> > If we're thinking of it purely as protection against potentially
> > malicious archives obtained from some random internet site, then
> > nor do I
> 
> I am not sure. Clearly / and .. are protecting against malicious archives.
> But in my view a directory entry in the (potential malicious) archive
> overwriting an existing symlink is something where the explicit wish of the
> user running the extraction is not honored.

Extraction of entries in streamable formats happens in isolation. The
archiver has no knowledge about pre-existing symlinks or whether the
archive itself just created the symlink. 

Joerg

References:
- Re: Tar extract behaviour changed
  - From: Joerg Sonnenberger
- Tar extract behaviour changed
  - From: J. Hannken-Illjes
- Re: Tar extract behaviour changed
  - From: Martin Husemann
- Re: Tar extract behaviour changed
  - From: Hisashi T Fujinaka
- Re: Tar extract behaviour changed
  - From: Joerg Sonnenberger
- Re: Tar extract behaviour changed
  - From: Christos Zoulas
- Re: Tar extract behaviour changed
  - From: Robert Elz
- Re: Tar extract behaviour changed
  - From: Martin Husemann

Prev by Date: Re: Tar extract behaviour changed
Next by Date: Re: Tar extract behaviour changed
Previous by Thread: Re: Tar extract behaviour changed
Next by Thread: Re: Tar extract behaviour changed
Indexes:

Home | Main Index | Thread Index | Old Index