Re: bin/54467: new tar overwrites symlinks to directories

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: bin/54467: new tar overwrites symlinks to directories
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 18 Aug 2019 16:05:01 +0000 (UTC)

The following reply was made to PR bin/54467; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg%bec.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, martin%NetBSD.org@localhost
Subject: Re: bin/54467: new tar overwrites symlinks to directories
Date: Sun, 18 Aug 2019 17:55:34 +0200

 On Sun, Aug 18, 2019 at 03:30:01PM +0000, Christos Zoulas wrote:
 >  So I guess -P does what we want and unfortunately more. I'd rather it
 >  just disabled ARCHIVE_EXTRACT_SECURE_SYMLINKS... We could
 >  add a long option that did exactly want we wanted I guess:
 >  --security=-extract-secure-symlinks
 
 If you allow symlinks tricks, you can just allow absolute path names
 too. It really doesn't make any difference as attack vector.
 
 Joerg

Follow-Ups:
- Re: bin/54467: new tar overwrites symlinks to directories
  - From: Christos Zoulas

Prev by Date: Re: bin/54467: new tar overwrites symlinks to directories
Next by Date: Re: bin/54467: new tar overwrites symlinks to directories
Previous by Thread: Re: bin/54467: new tar overwrites symlinks to directories
Next by Thread: Re: bin/54467: new tar overwrites symlinks to directories
Indexes:

Home | Main Index | Thread Index | Old Index