Subject: Re: tar ignores filenames that contain `..'
To: Todd Vierling <>
From: David Laight <>
List: tech-security
Date: 10/31/2002 09:37:25

On Sat, Oct 26, 2002 at 11:17:32AM -0400, Todd Vierling wrote:
> And one more round, after thinking about it last night.
> It occurred to me that, now that the assessment of the issue has changed
> from the content of symlinks to the act of *following* symlinks, the
> protections mentioned in the proposal could be applied as default behavior,
> and all this can be distilled/simplified further.

Since the actual problem is that following a symlink might take
you outside the current directory hierarchy, why not make pax
chroot to the current directory before reading the archive?

Have I missed something?


David Laight:
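
The chroot idea from the message above, sketched as an added example (not code from pax or from anyone in this thread). The function names, the /tmp/paxdemoXXXXXX directory and the "escape" link are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the process to the current directory. Any archive file must be
 * opened before this call, since its path may not exist in the new root.
 * Returns 0 on success, or errno (EPERM when the caller is not root). */
static int confine_to_cwd(void) {
    if (chroot(".") != 0) return errno;
    if (chdir("/") != 0) return errno;
    return 0;
}

/* Constructed demo, run in a child so the caller's own root is untouched.
 * Returns 1 if confinement held against the symlink, 0 if chroot was
 * refused, -1 on a setup error or if the link was followed outside. */
int demo_chroot_extract(void) {
    char dir[] = "/tmp/paxdemoXXXXXX", path[64];
    int status;
    pid_t pid;
    if (mkdtemp(dir) == NULL) return -1;
    pid = fork();
    if (pid == 0) {
        if (chdir(dir) != 0) _exit(2);
        /* What a hostile archive could plant: a link to an absolute path. */
        if (symlink("/etc", "escape") != 0) _exit(2);
        if (confine_to_cwd() != 0) _exit(0);
        /* "/etc" now resolves under the new root, where it does not exist. */
        _exit(open("escape/passwd", O_RDONLY) < 0 ? 1 : 2);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) status = -1;
    snprintf(path, sizeof path, "%s/escape", dir);
    unlink(path);
    rmdir(dir);
    if (status == -1 || !WIFEXITED(status) || WEXITSTATUS(status) > 1) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int r = demo_chroot_extract();
    puts(r == 1 ? "confined: link did not leave the directory"
       : r == 0 ? "chroot refused (needs root)" : "error");
    return r < 0;
}
```

chroot(2) is restricted to the superuser, so an unprivileged run takes the "refused" branch and gets no confinement from this approach.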