Subject: Re: tar ignores filenames that contain `..'
To: NetBSD Packages Technical Discussion List <>
From: Greg A. Woods <>
List: tech-security
Date: 10/23/2002 12:52:24
[ On Wednesday, October 23, 2002 at 18:33:34 (+0200), Alistair Crooks wrote: ]
> Subject: Re: tar ignores filenames that contain `..'
> And I will jump in and say that it is really pax's problem.  This is
> because (a) a lot of the distfiles that we use in pkgsrc come with
> symbolic links with ".." in them, so that we can't even extract the
> contents properly now

"a lot"?!?!?!  I know I've not come anywhere close to testing the whole
gamut of pkgsrc (I've only ever tried building somewhere around 1000
separate packages in total), however I hope you're exaggerating just the

Has anyone who happens to have a full distfiles archive done a
scientific survey?  I'd be surprised and dismayed if more than 1% of
distfiles contained relative pathnames using "..", and I'd be even more
surprised if the maintainers/authors of the packages involved didn't
agree to eliminate such things ASAP.

Assuming it is just a tiny percentage of distfiles which are "broken"
then I see no problem with just leaving them that way until the
maintainers update their original archives to fix the actual problem.
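
The survey asked about above could be run along these lines. This is an added example, not part of the original message or of pkgsrc; the function names `dotdot_entries`, `survey`, `build_sample` and `sample_archives` are hypothetical, and the sample archives are constructed in memory rather than taken from real distfiles. It reads only tar headers and reports ".." components in member names separately from ".." in link targets, since the thread mentions both.

```python
import io
import tarfile
from pathlib import PurePosixPath


def dotdot_entries(fileobj):
    """List (member, where) for each ".." component; headers only, no extraction."""
    hits = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            if ".." in PurePosixPath(m.name).parts:
                hits.append((m.name, "name"))
            if (m.issym() or m.islnk()) and ".." in PurePosixPath(m.linkname).parts:
                hits.append((m.name, "link target"))
    return hits


def survey(archives):
    """archives: {label: file object}. Returns (flagged labels, percent flagged)."""
    flagged = sorted(k for k, f in archives.items() if dotdot_entries(f))
    pct = 100.0 * len(flagged) / len(archives) if archives else 0.0
    return flagged, pct


def build_sample(entries):
    """Constructed in-memory tar; entries are (name, symlink target or None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name)
            if target is None:
                info.size = 1
                tar.addfile(info, io.BytesIO(b"x"))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = target
                tar.addfile(info)
    buf.seek(0)
    return buf


def sample_archives():
    # Constructed stand-ins for distfiles, not real pkgsrc archives.
    return {
        "clean.tar": build_sample([("pkg/main.c", None), ("pkg/a..b", None)]),
        "dotdot-name.tar": build_sample([("pkg/../outside.txt", None)]),
        "dotdot-link.tar": build_sample([("pkg/inc", "../include")]),
        "plain-link.tar": build_sample([("pkg/cur", "main.c")]),
    }
```

For a real distfiles directory, pass `survey` a dict of file objects opened in binary mode; `mode="r:*"` lets `tarfile` detect gzip, bzip2 or xz compression itself.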

