[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tar directory traversal
From: |
Paul Eggert |
Subject: |
Re: tar directory traversal |
Date: |
Mon, 25 Jun 2001 08:40:21 -0700 (PDT) |
> From: 3APA3A <address@hidden>
> Date: Mon, 25 Jun 2001 18:50:07 +0400
>
> tar checks for absolute path names beginning with '/' but it doesn't
> for '../' it makes it possible to create tar archive which, then
> extracted, will place some files in directory of archive author's
> choice.
It's a known problem. It is addressed to some extent in the latest
test version of GNU tar (1.13.19). There are a few tricky holes even
in 1.13.19, though, and I hope to have them closed in the next
version. You can get test versions at:
ftp://alpha.gnu.org/gnu/tar/