Subject: Re: tar ignores filenames that contain `..'
To: Seth Kurtzberg <firstname.lastname@example.org>
From: Frederick Bruckman <email@example.com>
Date: 10/23/2002 11:47:06
On 23 Oct 2002, Seth Kurtzberg wrote:
> Isn't it straightforward to extract the files from the tar archive in a
> temporary area, and recreate the tar file with the command line
> parameters that force it to use full directory paths?
No, not at all. What's to keep "tar-slash-pax" from breaking out
of the temporary area? The extractor needs to keep track and pay
attention to what it's doing -- I don't see any way around that.
I feel, now, the security implications of hacking on
pkg_add/pkg_create are less than that of hacking on tar/pax, so that's
the way we should go. Either that, or do as the base install does, and
force symlinks to be absolute to the ultimate location.
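
An added example, not part of the original message and not NetBSD's tar, pax or pkg_add code: one way an extractor can "keep track" is to resolve every member name against the extraction root while remembering the symlinks that earlier members created. The function names and the in-memory archive are constructed for illustration; the check is deliberately conservative (any link to an absolute target counts as leaving the root) and does not cover hard links.

```python
import io
import tarfile

def resolve(parts, links, depth=0):
    """Resolve components under the root via recorded symlinks; None = escapes."""
    out = []
    for part in parts:
        if part == "..":
            if not out:                      # ".." would climb above the root
                return None
            out.pop()
        elif part not in ("", "."):
            out.append(part)
            target = links.get(tuple(out))
            if target is not None:           # component is a link made by an earlier member
                if target.startswith("/") or depth > 32:   # absolute target or link loop
                    return None
                rest = resolve(out[:-1] + target.split("/"), links, depth + 1)
                if rest is None:
                    return None
                out = list(rest)
    return tuple(out)

def escaping_members(tar):
    """Names of members whose destination falls outside the extraction root."""
    links, bad = {}, []
    for m in tar:
        parts = m.name.split("/")
        # A symlink member is resolved up to its parent, then recorded for later use.
        where = resolve(parts[:-1] if m.issym() else parts, links)
        if m.name.startswith("/") or where is None:
            bad.append(m.name)
        elif m.issym():
            links[where + (parts[-1],)] = m.linkname
    return bad

def sample_archive():
    """Constructed in-memory archive; nothing is extracted to disk."""
    entries = [("pkg/bin/tool", None), ("pkg/../../evil", None),
               ("pkg/lib", "../.."), ("pkg/lib/evil", None),
               ("pkg/doc", "bin"), ("pkg/doc/readme", None)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in entries:
            info = tarfile.TarInfo(name)
            if link:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info)
    return tarfile.open(fileobj=io.BytesIO(buf.getvalue()))
```

`escaping_members(sample_archive())` reports `pkg/../../evil` and `pkg/lib/evil`, while `pkg/doc/readme`, which goes through a symlink that stays inside the root, is accepted.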