Subject: Re: tar ignores filenames that contain `..'
To: Greywolf <greywolf@starwolf.com>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-security
Date: 10/23/2002 15:08:54

On Wed, 23 Oct 2002, Greywolf wrote:

> Why not just have an '--allow-dot-dot' flag or something similarly
> (in)sane added to pax?  That way you have to explicitly say that
> 'yes, I *know* there are ../ entries in here.  Do It Anyway.'

There already is one (--insecure). Note that if you add the flag to
the package tools invocation, then you have to require current
"pax"..., only to get the old behavior! That sucks. Which is why I
suggested that "pkg_add" and "pkg_create" go their own way.

Frederick