Re: [Bug-tar] Unexpected symlink attack due to change in link following
From: Clarence Dang
Subject: Re: [Bug-tar] Unexpected symlink attack due to change in link following behaviour
Date: Mon, 12 Sep 2005 22:42:15 +1000
User-agent: KMail/1.8

On Monday 12 September 2005 20:28, Sergey Poznyakoff wrote:
> Clarence Dang <address@hidden> wrote:
> > I just discovered that tar 1.14 enabled the opposite of
> > "--no-overwrite-dir" by default. This is an unexpected and subtle change
> > in behavior.
>
> The change in question was made on 2001-09-24 in order to make the
> default GNU tar behavior compatible with that of other existing tar
> implementations.
>
> It was discussed on the list and is explicitly documented in the NEWS file.
But that's just the problem: In general, not everyone is on the list and
almost nobody reads documentation.
Changing subtle behaviour is dangerous as DOSEMU has shown. But ultimately,
this is up to you.
Clarence
[please CC me on replies]