Date: Sat, 1 May 2004 17:43:02 -0700 (PDT)
From: Tim Kientzle <kientzle@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/usr.bin/tar bsdtar.h read.c
Message-ID: <200405020043.i420h2qi074715@repoman.freebsd.org>

kientzle    2004/05/01 17:43:02 PDT

  FreeBSD src repository

  Modified files:
    usr.bin/tar          bsdtar.h read.c
  Log:
  A security issue: An archive containing a symlink to another directory,
  then a file with that symlink as a prefix can drop a file outside of
  the current directory, which can be a security hole. Plug this hole by
  refusing to extract files if a prefix of the pathname is a symlink.
  The -P option disables this check.

  Revision  Changes    Path
  1.5       +1 -0      src/usr.bin/tar/bsdtar.h
  1.4       +70 -13    src/usr.bin/tar/read.c