[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] rmt filename support make tar vulnerable?
From: |
Sergey Poznyakoff |
Subject: |
Re: [Bug-tar] rmt filename support make tar vulnerable? |
Date: |
Mon, 04 Feb 2019 21:48:22 +0200 |
> Back in January of 2005, Joey Hess pointed out in a bug report against
> Debian's package of tar that's actually an enhancement request, and as I
Thanks. However, this report is based on a premise that doesn't seem
valid to me:
"Anything with a colon will do, though a real rmt volume
probably has a path after the colon."
I don't see any reason why the remote archive name must contain an
absolute file name in it (which, apparently, "path" in the above
fragment implies). It can quite reasonably refer to a relative one as
well.
Regards,
Sergey