Date: Sat, 1 May 2004 17:43:02 -0700 (PDT)
From: Tim Kientzle <kientzle@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/usr.bin/tar bsdtar.h read.c
Message-ID: <200405020043.i420h2qi074715@repoman.freebsd.org>
kientzle 2004/05/01 17:43:02 PDT
FreeBSD src repository
Modified files:
usr.bin/tar bsdtar.h read.c
Log:
A security issue: An archive containing a symlink to another
directory, then a file with that symlink as a prefix can drop a file
outside of the current directory, which can be a security hole.
Plug this hole by refusing to extract files if a prefix of the
pathname is a symlink. The -P option disables this check.
Revision  Changes    Path
1.5       +1 -0      src/usr.bin/tar/bsdtar.h
1.4       +70 -13    src/usr.bin/tar/read.c
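
The prefix check described in the log message, as an added C example. It is not the code committed to read.c; the function names prefix_has_symlink and demo, and the temporary directory layout, are assumptions constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* for lstat, symlink, mkdtemp */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Illustration only, not bsdtar's read.c. Returns 1 if a proper prefix of
 * `path` is a symlink, 0 if none is, -1 on error. The last component is the
 * entry itself, not a prefix, so it is not examined. */
int prefix_has_symlink(const char *path)
{
    char buf[PATH_MAX];
    struct stat st;
    size_t len = strlen(path);

    if (len == 0 || len >= sizeof(buf)) {
        errno = len ? ENAMETOOLONG : EINVAL;
        return -1;
    }
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1; (p = strchr(p, '/')) != NULL; *p++ = '/') {
        *p = '\0';                   /* cut the path at this separator */
        if (lstat(buf, &st) != 0)    /* lstat does not follow a final link */
            return errno == ENOENT ? 0 : -1; /* absent prefix: nothing deeper */
        if (S_ISLNK(st.st_mode))
            return 1;
    }
    return 0;
}

/* Constructed demo tree in a fresh temp dir: real/ is a directory and
 * link -> / stands for a symlink that an earlier archive entry created. */
int demo(const char *entry)
{
    static int ready;
    char tmpl[] = "/tmp/symchk.XXXXXX";
    if (!ready && (!mkdtemp(tmpl) || chdir(tmpl) != 0 ||
                   mkdir("real", 0700) != 0 || symlink("/", "link") != 0))
        return -1;
    ready = 1;
    return prefix_has_symlink(entry);
}

int main(void)
{
    /* exit status 0 only if the unsafe entry is refused and the safe one passes */
    return !(demo("link/evil.txt") == 1 && demo("real/ok.txt") == 0);
}
```

An extractor has to run such a check for each entry, immediately before creating the file, because the symlink may have been created by an earlier entry of the same archive.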
