Re: Tar extract behaviour changed
On Tue, Oct 22, 2019 at 07:26:05AM +0200, Martin Husemann wrote:
> On Tue, Oct 22, 2019 at 06:37:44AM +0700, Robert Elz wrote:
> > Date: Mon, 21 Oct 2019 21:20:25 +0200
> > From: Joerg Sonnenberger <joerg%bec.de@localhost>
> > Message-ID: <20191021192025.GA33725%bec.de@localhost>
> > | That said, I don't really see a point in
> > | allowing one form of arbitrary file replacement and not another.
> > If we're thinking of it purely as protection against potentially
> > malicious archives obtained from some random internet site, then
> > nor do I
> I am not sure. Clearly / and .. are protecting against malicious archives.
> But in my view a directory entry in the (potentially malicious) archive
> overwriting an existing symlink is something where the explicit wish of the
> user running the extraction is not honored.
Extraction of entries in streamable formats happens in isolation. The
archiver has no knowledge about pre-existing symlinks or whether the
archive itself just created the symlink.
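
The point above, as an added example that is not part of the original message and is not code from NetBSD tar or libarchive: a per-entry path check in Python's `tarfile` sees the same on-disk state whether a symlink was created by an earlier archive entry or was already there, so it refuses both cases identically. The helper names (`refusal`, `extract_checked`, `make_tar`, `demo`) and the refuse-on-symlink policy are assumptions made for illustration.

```python
import io, os, tarfile, tempfile

def refusal(dest, name):
    """Reason to refuse extracting `name` under `dest`, or None if allowed."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if name.startswith("/") or ".." in parts:
        return "absolute path or '..' component"
    cur = dest
    for part in parts:
        cur = os.path.join(cur, part)
        if os.path.islink(cur):  # lstat-based, does not follow the link
            return "symlink at " + os.path.relpath(cur, dest)
    return None

def extract_checked(tar_bytes, dest):
    """Stream through the archive one entry at a time; return refused (name, reason) pairs."""
    refused = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r|") as tf:
        for m in tf:
            target, why = os.path.join(dest, m.name), refusal(dest, m.name)
            if why:
                refused.append((m.name, why))
            elif m.issym():
                os.symlink(m.linkname, target)
            elif m.isdir():
                os.makedirs(target, exist_ok=True)
            elif m.isreg():
                with open(target, "wb") as out:
                    out.write(tf.extractfile(m).read())
    return refused

def make_tar(entries):  # constructed sample archive: (name, kind, data-or-link-target)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, data in entries:
            info = tarfile.TarInfo(name)
            if kind == "sym":
                info.type, info.linkname, data = tarfile.SYMTYPE, data, b""
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def demo():
    """Same refusal whether the symlink came from the archive or was already on disk."""
    outside, a, b = tempfile.mkdtemp(), tempfile.mkdtemp(), tempfile.mkdtemp()
    from_archive = extract_checked(make_tar([("link", "sym", outside), ("link/f", "reg", b"x")]), a)
    os.symlink(outside, os.path.join(b, "link"))  # placed by the user beforehand
    pre_existing = extract_checked(make_tar([("link/f", "reg", b"x")]), b)
    return from_archive, pre_existing, os.listdir(outside)
```

The check and the later `open` are separate steps, so a concurrent writer in the destination directory could still race them; an extractor meant for hostile input would open each component relative to its parent with `O_NOFOLLOW` instead.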