[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [PATCH] tar: remove leading / and ../ on reading and writing
From: Ralf Friedl <Ralf.Friedl () online ! de>
Date: 2011-02-28 22:48:44
Message-ID: 4D6C264C.5050902 () online ! de
[Download RAW message or body]
Alexander Shishkin wrote:
> Currently, tar will add members with names starting with
> the prefixes to an archive unmodified, and will then refuse
> to extract from such archive. However, GNU tar will strip
> these prefixes upon creating the archive and reading from
> it.
>
Is there a use case for this?
Instead of "tar c ../path" you can use "tar cC .. path" to crate that
archive.
The patch looses functionality. The old code would detect ./../../etc,
the new code would not.
The behavior of GNU tar is actually different: It will strip everything
up to the last ../:
$ tar c ./coreutils/../../../../../../etc/passwd > /dev/null
tar: Removing leading `./coreutils/../../../../../../' from member names
In addition, with the option t GNU tar claims to remove the leading
path, but displays the full path:
$ tar cP coreutils/../../../../../../../etc/passwd | tar t
tar: Removing leading `coreutils/../../../../../../../' from member names
coreutils/../../../../../../../etc/passwd
Ralf
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic