[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] Unpacking a tar with a "./" entry changes dir timestamp an
|
From: |
Gene Heskett |
|
Subject: |
Re: [Bug-tar] Unpacking a tar with a "./" entry changes dir timestamp and maybe ownership too |
|
Date: |
Mon, 16 Aug 2010 10:25:38 -0400 |
|
User-agent: |
KMail/1.13.5 (Linux/2.6.33.7-pclos1.pae; KDE/4.5.0; i686; ; ) |
On Monday, August 16, 2010 10:21:45 am Sergey Poznyakoff did opine:
> Gene Heskett <address@hidden> ha escrit:
> > I expected a better reply, Sergey.
>
> The original question was how ``to stop tar from expanding the
> "./" entry''. I've given the answer.
>
> > This is a copout over a huge security problem.
>
> Sorry, I don't see any security problem here. What I see is the usage
> problem, both when creating the archive and when extracting it.
>
> > Its tar that needs fixed, by precheckng the perms on . and refusing to
> > touch . if it has no rights.
>
> I don't get your point. If tar "has no rights", it will be unable to
> change anythng. When run as root, tar always is able to change
> ownerships and modes. What do you want to check?
>
> Regards,
> Sergey
IMO it should not be capable of changing the . directories properties.
Update time maybe, but no rights or ownership changes should be allowed.
Ever. If the resultant isn't suitable, let the user become root and fix it.
This world has enough surprises without this sort of thing.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Pollyanna's Educational Constant:
The hyperactive child is never absent.