Re: [dev] [sbase] [patch] Adding tar v2

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Chris Down <chris_AT_regentmarkets.com>
Date: Sun, 14 Jul 2013 21:34:42 +0200

On 14 July 2013 20:42, Nick <suckless-dev_AT_njw.me.uk> wrote:
> Quoth Galos, David:
>> Thanks in large part to your information about how you invoke tar, I
>> believe I have come up with a decent solution. I also was able to
>> find the structified version of tar I had worked on in the past.
>
> I'd be inclined to check for and filter out leading .. and /
> characters, to avoid tarballs doing unexpectedly evil things.

I think all security onus for stuff like that should be on the user --
they can still do unexpectedly evil things either way (even stripping
.. and /). It should be the user's responsibility to verify what will
happen when a tarball is extracted using -t.
Received on Sun Jul 14 2013 - 21:34:42 CEST

This archive was generated by hypermail 2.3.0 : Sun Jul 14 2013 - 21:36:13 CEST