Hello, On Thu, 03 Jul 2008, Masatran, R. Deepak wrote: > I am worried about extracting TAR files...(1) What if it contains files with > absolute paths? (2) What if it contains files with ".." in the path? (3) > What if it violates the Unix convention of extracting the contents in a > sub-directory?
I you mean that an archive could contain files like
../.ssh/authorized_keys
which if extracted in /home/luser/testarea/
could over-write the authorized_keys file of the user?
GNU (and most other modern tar versions) do not allow such
over-writing by default. Specifically, leading '/' and '..' are
recursively stripped and symbolic links pointing outside the current
directory are not followed. (Don't believe me! Just test it out!)
However, there are situations where a user may want to do this. So
there is the "-P" option to tar which disables this safety feature.
Regards,
Kapil.
--
signature.asc
Description: Digital signature
_______________________________________________ To unsubscribe, email [EMAIL PROTECTED] with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
