Before git-style patches, patch could assume that symlinks in the working directory are safe to traverse; it only needed to ensure that pathnames of files it creates weren't absolute and didn't contain '..' pathname components.
Patch now creates symlinks. Forbidding absolute symlinks and '.' and '..' pathname components in symlinks entirely seems too much of a restriction to me; on the other hand, I don't see how to make things safe again by just checking where new symlinks point. It might be necessary to use openat() for resolving pathname components without traversing symlinks; that's very ugly, though. Any other ideas?
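The openat() approach mentioned in the message, written out as an added example (not part of the original message and not patch's own code): each pathname component is opened relative to the previous directory descriptor with O_NOFOLLOW, so a symlink anywhere in the name is refused, whatever it points to. The names `open_beneath` and `demo` are hypothetical, and POSIX.1-2008 `*at()` calls are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open relpath below dirfd one component at a time, never following a symlink.
 * Returns an fd, or -1 with errno set. Hypothetical helper, not patch's code. */
int open_beneath(int dirfd, const char *relpath, int flags, mode_t mode)
{
    char buf[PATH_MAX], *save = NULL;
    if (relpath[0] == '/' || strlen(relpath) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, relpath);
    int cur = dup(dirfd);                 /* private copy we may close */
    char *comp = strtok_r(buf, "/", &save);
    while (cur >= 0 && comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { close(cur); errno = EINVAL; return -1; }
        /* Intermediate components must be real directories; only the last one
         * gets the caller's flags. O_NOFOLLOW rejects a symlink in both cases. */
        int f = (next ? O_RDONLY | O_DIRECTORY : flags) | O_NOFOLLOW | O_CLOEXEC;
        int fd = openat(cur, comp, f, mode), saved = errno;
        close(cur);
        errno = saved;                    /* keep openat's errno across close */
        cur = fd;
        comp = next;
    }
    return cur;
}

/* Constructed scenario: the working directory holds "link", a symlink to a
 * directory outside it, and a later file name passes through it. Result bits:
 * 1 = link/victim refused, 2 = sub/file created, 4 = outside dir untouched.
 * Leaves two small directories under /tmp. */
int demo(void)
{
    char work[] = "/tmp/workXXXXXX", out[] = "/tmp/outXXXXXX";
    if (!mkdtemp(work) || !mkdtemp(out)) return -1;
    int wd = open(work, O_RDONLY | O_DIRECTORY), od = open(out, O_RDONLY | O_DIRECTORY);
    if (wd < 0 || od < 0 || symlinkat(out, wd, "link") || mkdirat(wd, "sub", 0700)) return -1;
    int bad = open_beneath(wd, "link/victim", O_WRONLY | O_CREAT | O_EXCL, 0600);
    int good = open_beneath(wd, "sub/file", O_WRONLY | O_CREAT | O_EXCL, 0600);
    return (bad < 0) | ((good >= 0) << 1) | ((faccessat(od, "victim", F_OK, 0) != 0) << 2);
}

int main(void) { printf("demo() = %d (7 means all checks held)\n", demo()); return 0; }
```

This walk is stricter than checking where a new symlink points: it also refuses symlinks that stay inside the working directory, which is the trade-off the message is weighing.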

