Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Tar extract behaviour changed



    Date:        Tue, 22 Oct 2019 14:33:27 -0000 (UTC)
    From:        christos%astron.com@localhost (Christos Zoulas)
    Message-ID:  <qon3vm$of$1%blaine.gmane.org@localhost>

  | Well, one of the use cases is when we don't have enough disk space in the
  | same partition, so that will not work out.

No, I meant symlinks in the archive, not pre-existing ones.  While I
suppose there are uses for archives containing symlinks aimed all over
the place, I'd tend to assume they're only for locally created archives
(and so could be extracted with an option to allow them) - archives from
elsewhere cannot expect to know where other (non-archive) files are to
be located on every system that might extract the archive, so symlinks in
the archive that don't (at least potentially) refer to other files in the
archive are not usually going to be of any use.

So the test would be, before creating a symlink from the archive, whether
the target starts with / or enough ../ sequences to escape the root of the
extraction (or any /../ sequence inside the symlink - that should never be
needed) if any of those is found, and not exprssly permitted then the symlmk
should not be extracted.

Of course, anything named explicitly on the command line is also OK,
If I do
	tar xf archive /etc/passwd
that should do exactly what I told it to do, as should
	tar xf archive some/symlink    (whatever the target is)
(and the equiv for the pax & cpio interfaces, but perhaps not when
reading the list of files from stdin, haven't really considered that case).

kre



Home | Main Index | Thread Index | Old Index