bug-tar
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] Stripping leading ../


From: Paul Eggert
Subject: Re: [Bug-tar] Stripping leading ../
Date: Fri, 09 Jul 2004 10:06:27 -0700
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

Toby Peterson <address@hidden> writes:

> I'm currently maintaining tar here at Apple, and I have a question
> about the behavior of tar. In 1.13.25, if a filename such as '../file'
> was specified without the -P option, it would give a warning like
> "Member names contain `..'", but it wouldn't actually do anything.
>
> In 1.14, the warning is "Removing leading `../' from member names",
> and it does just that. This causes things to be compressed/extracted
> into unexpected locations!
>
> Anyway, I'm simply wondering if this is expected behavior.

Yes, as obeying leading "../" leads to the same security problems that
obeying leading "/" would.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]