Re: bin/54467: new tar overwrites symlinks to directories

To: gnats-bugs%netbsd.org@localhost
Subject: Re: bin/54467: new tar overwrites symlinks to directories
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 18 Aug 2019 17:55:34 +0200

On Sun, Aug 18, 2019 at 03:30:01PM +0000, Christos Zoulas wrote:
>  So I guess -P does what we want and unfortunately more. I'd rather it
>  just disabled ARCHIVE_EXTRACT_SECURE_SYMLINKS... We could
>  add a long option that did exactly want we wanted I guess:
>  --security=-extract-secure-symlinks

If you allow symlinks tricks, you can just allow absolute path names
too. It really doesn't make any difference as attack vector.

Joerg

References:
- Re: bin/54467: new tar overwrites symlinks to directories
  - From: Christos Zoulas

Prev by Date: Re: kern/54474: Jetson TK1 audio playback has clicks since isaki-audio2 merge
Next by Date: Re: bin/54467: new tar overwrites symlinks to directories
Previous by Thread: Re: bin/54467: new tar overwrites symlinks to directories
Next by Thread: Re: bin/54467: new tar overwrites symlinks to directories
Indexes:

Home | Main Index | Thread Index | Old Index