On Tue, 1 Oct 2002, Don Lewis wrote:

> What if the tarball installs a symlink to / under the current directory
> followed by files that are unpacked underneath the symlink name? A
> simple fix for the initial problem mentioned in this thread isn't
> sufficient.

i don't believe that tar(1) will allow you to do that by default.

i know for a fact that OpenBSD won't do it by default, you have to specify
that you want it to follow symlinks:

     -L Follow all symlinks. In extract mode this means that a di-
        rectory entry in the archive will not overwrite an existing
        symbolic link, but rather what the link ultimately points
        to.

> This is hardly a new problem. Here's a 1998 BUGTRAQ message:

and, i believe that's been addressed aswell. should have been, considering
it's 4 years old now.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan jancaustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]