Re: cpio-2.13 relative symlink handling with --no-absolute-filenames

bug-cpio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cpio-2.13 relative symlink handling with --no-absolute-filenames

From:	Jonas Meurer
Subject:	Re: cpio-2.13 relative symlink handling with --no-absolute-filenames
Date:	Mon, 27 Jan 2020 14:47:43 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1

Hi Sergey,

> Thanks for the report.
> 
>> We think this may be an unintended consequence of a patch that was
>> applied to address CVE-2015-1197. Was this change in behavior for
>> relative symlinks intended, or is this a bug?
> 
> It is definitely a bug.  I'm working on a solution and will let you know
> when it is available.  Until then, the best course of action would be to
> revert 45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.

Thanks a lot for looking into this bug!

We run into the same bug on Debian when using unpacked cpio initramfs
files as chroot environment. Do you have an estimation for a proper fix?

Cheers
 jonas

PS: Please Cc me, as I'm not subscribed to the list. Also, sorry for
    breaking threading.

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: cpio-2.13 relative symlink handling with --no-absolute-filenames, Jonas Meurer <=

Prev by Date: Re: Regression in handling of CVE-2015-1197 & --no-absolute-filenames breaks symlinks starting with /
Previous by thread: cpio fails with -fno-common
Index(es):
- Date
- Thread