bug-tar
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] Stripping leading ../


From: Toby Peterson
Subject: Re: [Bug-tar] Stripping leading ../
Date: Fri, 9 Jul 2004 10:12:13 -0700

On 09 Jul 2004, at 10.06, Paul Eggert wrote:

Toby Peterson <address@hidden> writes:

I'm currently maintaining tar here at Apple, and I have a question
about the behavior of tar. In 1.13.25, if a filename such as '../file'
was specified without the -P option, it would give a warning like
"Member names contain `..'", but it wouldn't actually do anything.

In 1.14, the warning is "Removing leading `../' from member names",
and it does just that. This causes things to be compressed/extracted
into unexpected locations!

Anyway, I'm simply wondering if this is expected behavior.

Yes, as obeying leading "../" leads to the same security problems that
obeying leading "/" would.

Makes sense. Looks like we'll be adding -P to our existing makefiles, rather than modifying all the projects that broke.

Thanks for the swift response!

- Toby





reply via email to

[Prev in Thread] Current Thread [Next in Thread]