Re: [Bug-tar] rmt filename support make tar vulnerable?

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] rmt filename support make tar vulnerable?

From:	Sergey Poznyakoff
Subject:	Re: [Bug-tar] rmt filename support make tar vulnerable?
Date:	Mon, 04 Feb 2019 21:48:22 +0200

> Back in January of 2005, Joey Hess pointed out in a bug report against
> Debian's package of tar that's actually an enhancement request, and as I

Thanks. However, this report is based on a premise that doesn't seem
valid to me:

  "Anything with a colon will do, though a real rmt volume
  probably has a path after the colon."

I don't see any reason why the remote archive name must contain an
absolute file name in it (which, apparently, "path" in the above
fragment implies). It can quite reasonably refer to a relative one as
well.

Regards,
Sergey

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-tar] rmt filename support make tar vulnerable?, Bdale Garbee, 2019/02/04
- Re: [Bug-tar] rmt filename support make tar vulnerable?, Sergey Poznyakoff <=
  - Re: [Bug-tar] rmt filename support make tar vulnerable?, Joerg Schilling, 2019/02/05

Prev by Date: Re: [Bug-tar] man describes --preserve but tar doesn't support it
Next by Date: Re: [Bug-tar] mis-handling of weird filenames
Previous by thread: [Bug-tar] rmt filename support make tar vulnerable?
Next by thread: Re: [Bug-tar] rmt filename support make tar vulnerable?
Index(es):
- Date
- Thread