Bug#514016: Bug#514015: cdebootstrap - packages with symlinks to dirs (libc6) can lead to writes outside the new root

To: 514015@bugs.debian.org, 514016@bugs.debian.org
Subject: Bug#514016: Bug#514015: cdebootstrap - packages with symlinks to dirs (libc6) can lead to writes outside the new root
From: Bastian Blank <waldi@debian.org>
Date: Tue, 3 Feb 2009 14:20:11 +0100
Message-id: <[🔎] 20090203132011.GB11274@wavehammer.waldi.eu.org>
Reply-to: Bastian Blank <waldi@debian.org>, 514016@bugs.debian.org
In-reply-to: <handler.514015.B.12336658327488.ack@bugs.debian.org>
References: <20090203125708.GA10561@wavehammer.waldi.eu.org> <handler.514015.B.12336658327488.ack@bugs.debian.org>

Both cdebootstrap and debootstrap uses plain tar to extract packages the
first time.

If one package (lib6) contains the symlink /lib64 -> /lib, another
package (in this case libattr1) which includes files in /lib64, will
be extracted into the host system and overwrite files there, as tar
follows the symlinks.

Bastian

Reply to:

Prev by Date: cloning 514015, reassign -1 to debootstrap
Next by Date: etch custom CD
Previous by thread: Processed: cloning 514015, reassign -1 to debootstrap
Next by thread: etch custom CD
Index(es):
- Date
- Thread