cvs commit: src/usr.bin/tar bsdtar.h read.c
Tim Kientzle
kientzle at FreeBSD.org
Sat May 1 17:43:03 PDT 2004
kientzle 2004/05/01 17:43:02 PDT
FreeBSD src repository
Modified files:
usr.bin/tar bsdtar.h read.c
Log:
A security issue: An archive containing a symlink to another
directory, then a file with that symlink as a prefix can drop a file
outside of the current directory, which can be a security hole.
Plug this hole by refusing to extract files if a prefix of the
pathname is a symlink. The -P option disables this check.
  Revision  Changes    Path
  1.5       +1 -0      src/usr.bin/tar/bsdtar.h
  1.4       +70 -13    src/usr.bin/tar/read.c
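
The check the log message describes, as an added example (not the code committed to read.c): walk each directory prefix of an entry's pathname with lstat() and refuse the entry if one of them is a symlink. The function names, the scratch tree and the use of /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if a directory prefix of path is a symlink, 0 if none is, and
 * -1 on error (treat as refusal). A prefix that does not exist yet is fine. */
int prefix_is_symlink(const char *path)
{
    char buf[PATH_MAX];
    struct stat st;
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof(buf))
        return -1;
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1; (p = strchr(p, '/')) != NULL; *p++ = '/') {
        *p = '\0';                    /* buf now holds one prefix */
        if (lstat(buf, &st) != 0)     /* lstat() does not follow the link */
            return errno == ENOENT ? 0 : -1;
        if (S_ISLNK(st.st_mode))
            return 1;
    }
    return 0;
}

/* Constructed scratch tree: real/ is a directory, link -> .. (outside it). */
int check_in_scratch_tree(const char *rel)
{
    char old[PATH_MAX], tmpl[] = "/tmp/symchk.XXXXXX";
    int r = -1;
    if (getcwd(old, sizeof(old)) == NULL || mkdtemp(tmpl) == NULL || chdir(tmpl) != 0)
        return -1;
    if (mkdir("real", 0700) == 0 && symlink("..", "link") == 0)
        r = prefix_is_symlink(rel);   /* rel is relative to the scratch dir */
    unlink("link");
    rmdir("real");
    return (chdir(old) == 0 && rmdir(tmpl) == 0) ? r : -1;
}

int main(void)
{
    printf("link/evil.txt: %d\n", check_in_scratch_tree("link/evil.txt"));
    printf("real/ok.txt:   %d\n", check_in_scratch_tree("real/ok.txt"));
    return 0;
}
```

A check of this kind is only sound if nothing can alter the directory tree between the lstat() calls and the creation of the file.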
More information about the cvs-src
mailing list