bug-gnu-utils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security bug: tar allows to overwrite arbitrary file when extracting

From: Paul Eggert
Subject: Re: Security bug: tar allows to overwrite arbitrary file when extracting
Date: Sat, 30 Jun 2001 07:11:02 -0700 (PDT) 
> From: "Eli Zaretskii" <address@hidden>
> Date: Sat, 30 Jun 2001 09:11:03 +0300
> 
>   - names such as d:foo/bar should also be considered absolute in this
>     context;

Thanks for pointing this out.

>   - a name such as ab/foo/bar will be handled by this as an absolute
>     name (assuming that FILESYSTEM_PREFIX_LEN is 2 on DOSish systems).

Actually, on DOS it's a macro that expands to 0 or 2, depending on
whether its argument looks like a filesystem prefix.  So this should
be OK.

> I'd suggest instead to define a macro IS_ABSOLUTE which will return
> non-zero if its argument is an absolute file names, and then define it
> as appropriate for each filesystem.  That's what other GNU packages
> do.

This sounds like a good idea.  Can you please point me to a GNU
package that does this?  I looked in fileutils and it doesn't have
IS_ABSOLUTE.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]