Subject: Re: /home and /usr/local
To: Perry E. Metzger <perry@piermont.com>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-userlevel
Date: 02/18/2003 18:46:01

On 18 Feb 2003, Perry E. Metzger wrote:

> Luke Mewburn <lukem@netbsd.org> writes:
> > When pax is fixed (in a sane way) to do the right thing with symlinks
> > to directories, we can then reconsider the issue of having /home back
> > in the base distribution, taking into account the other concerns raised.
>
> As a first strawman, I would propose that in the "unlink before
> unpacking" case (our default for tar pax etc these days), that the
> system refuse to replace a node with a node of a different type --
> i.e. refuse to replace a file with a directory, or a symlink with a
> file or directory, etc. If one explicitly gave the --unlink directory
> it would ignore this, thus allowing you to blow things away.
>
> This doesn't seem exactly correct, though. It would refuse to damage
> things, but at the expense of not upgrading at all.
>
> An alternative might be to ask pax/tar to follow the symlink while
> unpacking.
>
> Comments?

Recall that "fear of symlinks" was the main motivation behind the
changes to pax, and of switching to it. It's too bad, after all that
fuss, that it's still trivially easy to create evil archives that
overwrite things outside of the destination directory (even without
--insecure!). See PRs 18663, 18759.

Frederick
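
The following is an added example, not part of the original message and not pax's code: a Python sketch of the strawman quoted above (refuse to replace a node with a node of a different type unless an override is given), combined with a check that keeps writes inside the destination directory. The names `node_type`, `check_entry`, `force_unlink` and `demo`, the rule of refusing any symlinked parent component, and the constructed directory tree are all assumptions made for illustration.

```python
import os
import stat
import tempfile

def node_type(path):
    """File type bits of path itself (a final symlink is not followed), or None."""
    try:
        return stat.S_IFMT(os.lstat(path).st_mode)
    except FileNotFoundError:
        return None

def check_entry(dest, name, new_type, force_unlink=False):
    """Return "ok" or a refusal reason for unpacking entry `name` under `dest`."""
    dest = os.path.realpath(dest)
    target = os.path.normpath(os.path.join(dest, name))
    if os.path.isabs(name) or os.path.commonpath([dest, target]) != dest:
        return "refused: outside destination"
    # Assumption: any existing symlink among the parent components is refused,
    # since the write would land wherever that link points.
    parent = dest
    for part in os.path.relpath(target, dest).split(os.sep)[:-1]:
        parent = os.path.join(parent, part)
        if node_type(parent) == stat.S_IFLNK:
            return "refused: parent is a symlink"
    # The strawman: never swap one node type for another unless told to.
    old_type = node_type(target)
    if old_type is not None and old_type != new_type and not force_unlink:
        return "refused: type change"
    return "ok"

def demo():
    """Run the checks against a constructed tree where home is a symlink."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "root")
        os.makedirs(os.path.join(dest, "etc"))
        os.makedirs(os.path.join(tmp, "elsewhere"))
        os.symlink(os.path.join(tmp, "elsewhere"), os.path.join(dest, "home"))
        open(os.path.join(dest, "etc", "motd"), "w").close()
        return {
            "home as dir": check_entry(dest, "home", stat.S_IFDIR),
            "home as dir, forced": check_entry(dest, "home", stat.S_IFDIR, True),
            "file under home": check_entry(dest, "home/u/.profile", stat.S_IFREG),
            "etc/motd": check_entry(dest, "etc/motd", stat.S_IFREG),
            "../x": check_entry(dest, "../x", stat.S_IFREG),
        }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "home as dir" case reproduces the drawback noted in the quoted text: the symlink is left undamaged, but the entry is not upgraded either unless the override is given.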