Hi!
> Why does it suck less? SLOC can't be the only argument,
> functionality combined with SLOC is an argument.
It sucks less because I was searching for a really simple tar
implementation. I found none, because everyone of them suck in their
own way. Mine simply sucks less in code complexity. :) Also I only
searched for a name... I thought about simple tar but star sounds
really ugly...
> Seems to work but you should add more checks on extracting
> files. This version is at least prone to directory traversal
> vulnerabilities.
This is true. But it's intended to be simple not secure. after some
comments to sltar I think this is a mistake. The simplest way to get
it more secure is to chroot into "./". But this would only help root
and only for certian attacks. I think I can't get around to check the
filenames :/ - I'll investigate in this today.
> Kind regards
> Nico
Thanks for you're reply :)
-- http://www.gnuffy.org - Real Community Distro http://www.gnuffy.org/index.php/GnuEm - Gnuffy on Ipaq (Codename Peggy)Received on Thu Dec 20 2007 - 07:09:18 UTC
This archive was generated by hypermail 2.2.0 : Sun Jul 13 2008 - 15:12:59 UTC