NetBSD-Bugs archive


Re: bin/54467: new tar overwrites symlinks to directories



The following reply was made to PR bin/54467; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg%bec.de@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
	"martin%netbsd.org@localhost" <martin%NetBSD.org@localhost>
Subject: Re: bin/54467: new tar overwrites symlinks to directories
Date: Sun, 18 Aug 2019 23:21:39 +0200

 On Sun, Aug 18, 2019 at 07:12:59PM +0300, Christos Zoulas wrote:
 > 
 > > 
 > > If you allow symlink tricks, you can just allow absolute path names
 > > too. It really doesn't make any difference as attack vector.
 > 
 > I am not talking about an attack vector, I am just saying that the behavior
 > of extracting a tar archive having absolute symlinks in it will change with -P...
 > I do understand the ramifications of allowing symlinks, I just want to replicate
 > the behavior of our current tar.
 
 The behavior is not so much about relative or absolute symlinks, but
 about symlinks used as part of a longer path. The pax behavior is IMO a
 major security issue and I don't think "supporting" it alone makes any
 sense.
 
 Joerg
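
Added example, not part of the message above and not NetBSD's tar code: a pre-extraction check that lists archive members whose parent path crosses a symlink, either one already on disk under the destination or one created earlier in the same archive, which is the "symlink used as part of a longer path" case the thread is about. The archive contents, file names and helper names are constructed for illustration; absolute and `..` member names are out of scope here.

```python
import io
import os
import posixpath
import tarfile
import tempfile


def make_sample_tar() -> bytes:
    """Constructed sample archive (not taken from the PR)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        link = tarfile.TarInfo("share")          # symlink entry inside the archive
        link.type = tarfile.SYMTYPE
        link.linkname = "../elsewhere"
        tf.addfile(link)
        for name in ("docs/readme.txt", "share/a/b.txt", "src/main.c"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def symlink_prefixes(archive: bytes, dest: str) -> list[tuple[str, str]]:
    """List (member, reason) for members whose parent path crosses a symlink."""
    archive_links = set()                        # symlinks the archive itself creates
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for member in tf:
            parts = posixpath.normpath(member.name).split("/")
            for i in range(1, len(parts)):       # every proper prefix of the path
                prefix = "/".join(parts[:i])
                if prefix in archive_links:
                    findings.append((member.name, "archive:" + prefix))
                    break
                if os.path.islink(os.path.join(dest, *parts[:i])):
                    findings.append((member.name, "disk:" + prefix))
                    break
            if member.issym():
                archive_links.add("/".join(parts))
            else:                                # a later non-link entry replaces it
                archive_links.discard("/".join(parts))
    return findings


def demo() -> list[tuple[str, str]]:
    """Run the check against a temp directory that already holds a symlink 'docs'."""
    with tempfile.TemporaryDirectory() as dest, tempfile.TemporaryDirectory() as other:
        os.symlink(other, os.path.join(dest, "docs"))
        return symlink_prefixes(make_sample_tar(), dest)
```

Nothing is extracted; the check only reads member headers and calls `os.path.islink` on the destination, so it can run before any extraction tool is invoked.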
 

