Re: [dwm] [announce] sltar-0.2.1

From: Enno \ <gottox_AT_gmail.com>
Date: Thu, 20 Dec 2007 07:09:15 +0100

Hi!

> Why does it suck less? SLOC can't be the only argument,
> functionality combined with SLOC is an argument.
It sucks less because I was searching for a really simple tar
implementation. I found none, because every one of them sucks in their
own way. Mine simply sucks less in code complexity. :) Also I only
searched for a name... I thought about simple tar but star sounds
really ugly...

> Seems to work but you should add more checks on extracting
> files. This version is at least prone to directory traversal
> vulnerabilities.
This is true. But it's intended to be simple, not secure. After some
comments to sltar I think this is a mistake. The simplest way to get
it more secure is to chroot into "./". But this would only help root
and only for certain attacks. I think I can't get around to check the
filenames :/ - I'll investigate this today.

> Kind regards
> Nico
Thanks for your reply :)

-- 
http://www.gnuffy.org - Real Community Distro
http://www.gnuffy.org/index.php/GnuEm - Gnuffy on Ipaq (Codename Peggy)
Received on Thu Dec 20 2007 - 07:09:18 UTC
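
Added example, not part of the original message and not sltar's own code: one way to do the filename check discussed above, rejecting absolute names and any ".." component before a tar member is created. The function name `tar_name_is_safe` is hypothetical, and the 100-byte bound assumes the name comes straight from a ustar header's name field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the name field in a ustar header. The field need not be
 * NUL-terminated when all 100 bytes are in use. */
#define TAR_NAME_LEN 100

/* Hypothetical helper: returns 1 if the member name stays below the
 * extraction directory, 0 if it must be rejected. Deliberately strict:
 * "a/../b" is refused even though it resolves inside the directory. */
int tar_name_is_safe(const char *name, size_t fieldlen)
{
    size_t len = 0, i = 0;

    /* Bound the scan, since the header field may lack a terminator. */
    while (len < fieldlen && name[len] != '\0')
        len++;

    if (len == 0 || name[0] == '/')      /* empty or absolute path */
        return 0;

    while (i < len) {
        size_t start = i;
        while (i < len && name[i] != '/')
            i++;
        /* The current path component is name[start..i). */
        if (i - start == 2 && name[start] == '.' && name[start + 1] == '.')
            return 0;                    /* ".." component */
        if (i < len)
            i++;                         /* step over the '/' */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive. */
    const char *samples[] = { "docs/readme.txt", "../../etc/passwd",
                              "/etc/passwd", "a/../b", "..notes" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s %s\n", samples[i],
               tar_name_is_safe(samples[i], TAR_NAME_LEN) ? "extract" : "reject");
    return 0;
}
```

Unlike chroot into "./", this check does not need root, but it only looks at the name string.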
