Subject: Re: tar ignores filenames that contain `..'
To: Alistair Crooks <>
From: Seth Kurtzberg <>
List: tech-security
Date: 10/23/2002 09:48:41
Perhaps I was unclear; I believe that the tar archive can be modified to
replace any '..' references in the path.  They can be replace by
relative paths, put without using ...  If the ".." references are always
more than one level down from the root of the tree, they could be
replaced with an addres such as $top/xxxxx, where $top is the root of
the tree.  For example, you might change xxx/yyy/zzz/.. to xxx/yyy,
which is still a relative path but without the '..' reference.

On Wed, 2002-10-23 at 09:44, Alistair Crooks wrote:
> On Wed, Oct 23, 2002 at 09:35:33AM -0700, Seth Kurtzberg wrote:
> > Isn't is straightforward to extract the files from the tar archive in a
> > temporary area, and recreate the tar file with the command line
> > parameters that force it to use full directory paths?
> At the current time, distfiles are extracted into the ${WRKDIR}, which
> is specially set up for that purpose.  pax and the new GNU tar will
> not do that properly with distfiles which contain symbolic links with
> a ".." component in them.
> We want everything in the binary package to be relative to ${PREFIX},
> not to have absolute paths.
> Or are we talking at cross-purposes here?
> Regards,
> Alistair
Seth Kurtzberg
M. I. S. Corp
Pager 888-605-9296, or