Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Tar extract behaviour changed



On Tue, Oct 22, 2019 at 07:26:05AM +0200, Martin Husemann wrote:
> On Tue, Oct 22, 2019 at 06:37:44AM +0700, Robert Elz wrote:
> >     Date:        Mon, 21 Oct 2019 21:20:25 +0200
> >     From:        Joerg Sonnenberger <joerg%bec.de@localhost>
> >     Message-ID:  <20191021192025.GA33725%bec.de@localhost>
> > 
> >   | That said, I don't really see a point in
> >   | allowing one form of arbitrary file replacement and not another.
> > 
> > If we're thinking of it purely as protection against potentially
> > malicious archives obtained from some random internet site, then
> > nor do I
> 
> I am not sure. Clearly / and .. are protecting against malicious archives.
> But in my view a directory entry in the (potential malicious) archive
> overwriting an existing symlink is something where the explicit wish of the
> user running the extraction is not honored.

Extraction of entries in streamable formats happens in isolation. The
archiver has no knowledge about pre-existing symlinks or whether the
archive itself just created the symlink. 

Joerg


Home | Main Index | Thread Index | Old Index