[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security bug: tar allows to overwrite arbitrary file when extracting
From: |
Paul Eggert |
Subject: |
Re: Security bug: tar allows to overwrite arbitrary file when extracting |
Date: |
Sat, 30 Jun 2001 07:11:02 -0700 (PDT) |
> From: "Eli Zaretskii" <address@hidden>
> Date: Sat, 30 Jun 2001 09:11:03 +0300
>
> - names such as d:foo/bar should also be considered absolute in this
> context;
Thanks for pointing this out.
> - a name such as ab/foo/bar will be handled by this as an absolute
> name (assuming that FILESYSTEM_PREFIX_LEN is 2 on DOSish systems).
Actually, on DOS it's a macro that expands to 0 or 2, depending on
whether its argument looks like a filesystem prefix. So this should
be OK.
> I'd suggest instead to define a macro IS_ABSOLUTE which will return
> non-zero if its argument is an absolute file names, and then define it
> as appropriate for each filesystem. That's what other GNU packages
> do.
This sounds like a good idea. Can you please point me to a GNU
package that does this? I looked in fileutils and it doesn't have
IS_ABSOLUTE.