https://sourceware.org/bugzilla/show_bug.cgi?id=33693
--- Comment #6 from Arsen Arsenović <arsen at sourceware dot org> --- (In reply to Frank Ch. Eigler from comment #5) > Interesting case. One could imagine hacking on debuginfod internals to > configure some filename rewriting deep within the libarchive content > iteration stuff, sure, maybe in canonicalized_archive_entry_pathname(). > > An alternative would be to use some external shell script to extract & > repackage those gpkg.tar files on the fly, trimming that pesky image/ top > level directory away. Heck, maybe the -Z script fragment option could do > something hilariously silly like > > $(bsdtar -x .. image.tar.* | (cd /tmp/$$; bsdtar xvf - ; cd image; bsdtar > cvf - . ; cd ..; rmdir image) ) > > 'cause the tool will attempt to run any shell script expression that > consumes an archive on stdin and produces an archive on stdout. that'd be an easy DoS vector - it means that tmpfs will get filled with a very large package frequently (once per request?) -- You are receiving this mail because: You are on the CC list for the bug.
