Subject: Re: tar ignores filenames that contain `..'
To: Alistair Crooks <>
From: Todd Vierling <>
List: tech-security
Date: 10/23/2002 13:10:04
On Wed, 23 Oct 2002, Todd Vierling wrote:

: : And I will jump in and say that it is really pax's problem.  This is
: : because (a) a lot of the distfiles that we use in pkgsrc come with
: : symbolic links with ".." in them,
: Symbolic links whose *content* contains "../" are not the same thing as file
: entries in a tar file whose *filename* contains "../".
: The former should be unconditionally allowed by pax,

BTW, I should point out that generations of Unix admins have used tar
archives to wrap up a directory for backup or shipment to another system,
and (with unlink behavior as described) untar'd the archives elsewhere, even
when the archives have contained symlinks pointing to a path containing

There is zero reason to disallow such symlinks in pax.

-- Todd Vierling <>