[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: tar directory traversal
|
From: |
3APA3A |
|
Subject: |
Re[2]: tar directory traversal |
|
Date: |
Mon, 25 Jun 2001 20:22:01 +0400 |
Hello Paul,
Yes, it skips files beginning with '..', but it's still possible to
use something like test/../.. and ./.. (in first case 'test' must
exist on most systems, but ./.. works just fine.) Catch test files.
BTW: I've got some problems with ./configure. It created Makefiles
only after 2nd attempt. I don't remember exact message, something like
"-STATUS: not defined". But may be it's because I've killed another
one ./configure before (mktime test was so long that I decided
something is wrong). FreeBSD 4.3-RELEASE
--Monday, June 25, 2001, 7:40:21 PM, you wrote to address@hidden:
>> From: 3APA3A <address@hidden>
>> Date: Mon, 25 Jun 2001 18:50:07 +0400
>>
>> tar checks for absolute path names beginning with '/' but it doesn't
>> for '../' it makes it possible to create tar archive which, then
>> extracted, will place some files in directory of archive author's
>> choice.
PE> It's a known problem. It is addressed to some extent in the latest
PE> test version of GNU tar (1.13.19). There are a few tricky holes even
PE> in 1.13.19, though, and I hope to have them closed in the next
PE> version. You can get test versions at:
PE> ftp://alpha.gnu.org/gnu/tar/
--
~/3APA3A
Ну а в целом, Уильям, здешний климат - ежели только
это можно назвать климатом, вполне сносный. (Твен)
test2.tar
Description: Unix tar archive
test1.tar
Description: Unix tar archive