Subject: Re: tar ignores filenames that contain `..'
To: Thor Lancelot Simon <>
From: Bill Studenmund <>
List: tech-security
Date: 10/23/2002 11:23:31
On Wed, 23 Oct 2002, Thor Lancelot Simon wrote:

> On Wed, Oct 23, 2002 at 01:06:40PM -0400, Todd Vierling wrote:
> > On Wed, 23 Oct 2002, Alistair Crooks wrote:
> >
> > The latter should be unconditionally disallowed by pax, as it's beyond bad
> > form and is already warned about by GNU tar.
> I agree 100%.  If pax isn't allowing symlinks whose _target_ contains ..,
> that's a bug.  On the other hand, I'm quite strongly opposed to making it
> extract anything whose _pathname_ contains .. .

Is having ".." in the path really that much of a problem in and of itself?
Seems to me that the problem is if we have more ".."s in the path than our
depth. i.e. it should be ok to have ".."s that don't go higher than the
current depth, and not ok if they do exceed the current depth.

Take care,