[EMAIL PROTECTED] (Manoj Srivastava)  wrote:
>       Oh yes, pathnames with .. components would _also_ break the
>  algorithm.

Kai Henningsen <[EMAIL PROTECTED]> writes:
>Of course, those break everything. I'd insist on having no tarballs even
>in the Debian source archive that contain those.
>
>A different problem is absolute path names (/X/Y/Z). GNU tar automatically
>discards the "/" (which may, in fact, be related to distributions like the
>above example) on both tarring and untarring, as far as I remember, unless
>you explicitly tell it not to; but other tars don't.


I think the ".. pathname component" problem deserves some attention.
What does anybody think about these steps?

1) Incoming Debian source packages should be automatically scanned, and
offending files flagged.

2) GNU tar should refuse to unpack such a tar file, unless enabled by
a switch.

3) GNU tar should refuse to create such a tar file, unless enabled by
a switch.

                       - Jim Van Zandt
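
Step 1 above, sketched as an added example (not part of the original message, and not Debian's or GNU tar's own code): a scanner that reads member names from a tarball without unpacking it and flags ".." components and the absolute names raised in the quoted reply. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import tarfile


def flag_member(name):
    """Return the reasons a tar member name is unsafe to unpack ([] if none)."""
    reasons = []
    if name.startswith("/"):
        reasons.append("absolute path")
    # Compare whole components: normalising the path first would hide
    # "a/../../b", and a substring test would wrongly flag "notes..txt".
    if ".." in name.split("/"):
        reasons.append("'..' component")
    return reasons


def scan_tarball(fileobj):
    """List (member name, reasons) for each offending entry; never extracts."""
    offending = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            reasons = flag_member(member.name)
            if reasons:
                offending.append((member.name, reasons))
    return offending


def build_sample():
    """Constructed input: an in-memory tarball with two offending names."""
    names = ("pkg-1.0/Makefile", "pkg-1.0/../../etc/motd",
             "/X/Y/Z", "pkg-1.0/notes..txt")
    data = b"constructed sample\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            # TarInfo stores the name verbatim (no "/" stripping), which is
            # what a tarball produced by a less careful tar can look like.
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reasons in scan_tarball(build_sample()):
        print(f"FLAG {name}: {', '.join(reasons)}")
```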

