In article <20191021163005.ga4...@bec.de>,
Joerg Sonnenberger  <jo...@bec.de> wrote:
>On Mon, Oct 21, 2019 at 06:29:18AM -0700, Hisashi T Fujinaka wrote:
>> On Mon, 21 Oct 2019, Martin Husemann wrote:
>> 
>> > On Mon, Oct 21, 2019 at 11:54:44AM +0200, J. Hannken-Illjes wrote:
>> > > Somewhere between NetBSD-8 and NetBSD-9 "tar" changed its behaviour
>> > > when it has to extract a directory and the path exists as a symlink.
>> > 
>> > I still believe it should be fixed, but Jörg disagrees. You need to use -P
>> > now. See PR 54467.
>> 
>> Yeah it's a real pain in my you-know-what. Is it Joerg vs everyone else?
>
>It is NetBSD pax vs pretty much any maintained tar implementation.

Indeed, and it is a security issue to revert to the original tar behavior.
The new behavior is clearly better from a security PoV.
What I don't like about -P though is that it is an "all or nothing" deal:

N Function                              PaX as Tar      Libarchive Tar
----------------------------------------------------------------------
1 keeping leading '/'                   -P              -P
2 extracting files containing  ".."     --insecure      -P
3 obeying existing symlinks             default         -P

I would prefer to have a separate option that just does [3], but if upstream
does not think it is useful it is better to live with -P.

christos
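
An added example, not part of the original message or of either tar implementation: a Python pre-extraction check that sorts archive members into the three rows of the table above (leading '/', '..', an existing symlink in the path). The names `audit` and `demo`, the sample tree and the sample archive are constructed for illustration; nothing is extracted.

```python
import io, os, tarfile, tempfile

def audit(tar, dest):
    """Map member name -> reasons it falls under table rows 1-3."""
    findings = {}
    for m in tar.getmembers():
        reasons = []
        if m.name.startswith("/"):
            reasons.append("leading-slash")            # row 1
        parts = [p for p in m.name.split("/") if p not in ("", ".")]
        if ".." in parts:
            reasons.append("dotdot")                   # row 2
        else:
            # Row 3: a path component that already exists as a symlink.
            # The last component only counts for directory members,
            # which is the case reported in the thread.
            check = parts if m.isdir() else parts[:-1]
            cur = dest
            for p in check:
                cur = os.path.join(cur, p)
                if os.path.islink(cur):
                    reasons.append("symlink:" + os.path.relpath(cur, dest))
                    break
        if reasons:
            findings[m.name] = reasons
    return findings

def demo():
    """Constructed destination tree (usr -> real_usr) and archive."""
    members = [("usr", tarfile.DIRTYPE), ("usr/bin/tool", tarfile.REGTYPE),
               ("/etc/motd", tarfile.REGTYPE), ("../escape", tarfile.REGTYPE),
               ("ok/file", tarfile.REGTYPE)]
    with tempfile.TemporaryDirectory() as dest:
        os.mkdir(os.path.join(dest, "real_usr"))
        os.symlink("real_usr", os.path.join(dest, "usr"))
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w") as t:
            for name, kind in members:
                info = tarfile.TarInfo(name)
                info.type = kind
                t.addfile(info)
        buf.seek(0)
        with tarfile.open(fileobj=buf) as t:
            return audit(t, dest)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, reasons)
```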
