https://sourceware.org/bugzilla/show_bug.cgi?id=17533
--- Comment #7 from Alexander Cherepanov <cherepan at mccme dot ru> --- The danger is in overwriting sensitive files (e.g. authorized_keys) by an unconscious user or by an automatic process while extracting the contents of an archive. For similar examples please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4131 (tar) and https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4651 (patch). Both absolute and relative paths could be used for the attack. BTW creation of hidden files (with names starting with a dot) could also be viewed as undesirable. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
