[EMAIL PROTECTED] (Manoj Srivastava)  wrote on 16.05.97 in <[EMAIL PROTECTED]>:

> >>"Jim" == Jim Van Zandt <[EMAIL PROTECTED]> writes:

Jim>> I think the ".. pathname component" problem deserves some
Jim>> attention. What does anybody think about these steps?

Jim>> 1) Incoming Debian source packages should be automatically
Jim>> scanned, and offending files flagged.

Jim>> 2) GNU tar should refuse to unpack such a tar file, unless
Jim>> enabled by a switch.

Jim>> 3) GNU tar should refuse to create such a tar file, unless
Jim>> enabled by a switch.

>       I hope you mean ask the upstream authors to change GNU tar's
>  behaviour, and not that Debian should do a major change in behaviour
>  on its own. In case we even consider doing such a thing, it should
>  be *off* by default, and turned on (by dpkg and friends) with a
>  special switch.

Since it handles the same type of problem as the absolute path remover, it
should work the same.

The absolute path remover is on by default.

(Have you _ever_ seen a tar containing a path with ".."? Those are
extremely rare.)


Regards, Kai
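
Step 1 of the proposal quoted above (scan incoming source packages and flag offending files), as an added example that is not part of the original message or of any Debian tooling. It treats ".." components the same way as absolute paths, as the reply suggests; the function names and the sample archive are constructed for illustration.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Constructed member names for the sample archive (not from a real package).
SAMPLE_NAMES = [
    "pkg-1.0/README",
    "pkg-1.0/../../etc/passwd",   # ".." as a whole pathname component
    "/abs/file",                  # absolute path
    "pkg-1.0/a..b/file",          # dots inside a component: harmless
]


def classify(name):
    """Return a reason string if the member name is unsafe, else None."""
    path = PurePosixPath(name)
    if path.is_absolute():
        return "absolute path"
    # PurePosixPath does not collapse "..", so it shows up in .parts as-is.
    if ".." in path.parts:
        return '".." pathname component'
    return None


def scan_tar(fileobj):
    """List (member name, reason) for every offending entry; nothing is unpacked."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            reason = classify(member.name)
            if reason:
                findings.append((member.name, reason))
    return findings


def build_sample():
    """Build the constructed sample archive in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in SAMPLE_NAMES:
            data = b"x\n"
            info = tarfile.TarInfo(name=name)  # name is stored verbatim
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in scan_tar(build_sample()):
        print(f"FLAGGED {name}: {reason}")
```

Only member names are checked here; symlink and hardlink targets inside an archive would need the same test.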

