[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/54467: new tar overwrites symlinks to directories
On Sun, Aug 18, 2019 at 07:12:59PM +0300, Christos Zoulas wrote:
> > If you allow symlinks tricks, you can just allow absolute path names
> > too. It really doesn't make any difference as attack vector.
> I am not talking about an attack vector, I am just saying that the behavior
> of extracting a tar archive having absolute symlinks in it, will change with -P...
> I do understand the ramifications of allowing symlinks, I just want to replicate
> the behavior of our current tar.
The behavior is not so much about relative or absolute symlinks, but
about symlinks used as of a longer path. The pax behavior is IMO a
major security issue and I don't think "supporting" it alone makes any
Main Index |
Thread Index |