Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])
srivasta@datasync.com (Manoj Srivastava) wrote on 16.05.97 in <872077w7o7.fsf@tiamat.datasync.com>:
> >>"Jim" == Jim Van Zandt <jrv@vanzandt.mv.com> writes:
Jim>> I think the ".. pathname component" problem deserves some
Jim>> attention. What does anybody think about these steps?
Jim>> 1) Incoming Debian source packages should be automatically
Jim>> scanned, and offending files flagged.
Jim>> 2) GNU tar should refuse to unpack such a tar file, unless
Jim>> enabled by a switch.
Jim>> 3) GNU tar should refuse to create such a tar file, unless
Jim>> enabled by a switch.
> I hope you mean ask the upstream authors to change GNU tar's
> behaviour, and not that Debian should do a major change in behaviour
> on its own. In case we even consider doing such a thing, it should
> be *off* by default, and turned on (by dpkg and friends) with a
> special switch.
Since it handles the same type of problem as the absolute path remover, it
should work the same.
The absolute path remover is on by default.
(Have you _ever_ seen a tar containing a path with ".."? Those are
extremely rare.)
Regards, Kai
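
Step 1 of the quoted proposal (scan incoming archives and flag offending members) could look like the following sketch. It is an added example, not part of the original message and not Debian or GNU tar code; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import tarfile


def path_problems(path):
    """Return the reasons a member name should be flagged (empty list if none)."""
    problems = []
    if path.startswith("/"):
        problems.append("absolute path")
    # Compare whole components, so names such as "a..b" or "..." are not flagged.
    if ".." in path.split("/"):
        problems.append('".." component')
    return problems


def unsafe_members(fileobj):
    """Scan a tar archive without unpacking it; return (name, reason) pairs."""
    flagged = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:  # reads headers only, nothing is written to disk
            for reason in path_problems(member.name):
                flagged.append((member.name, reason))
    return flagged


def build_sample():
    """Constructed sample archive, built in memory (not a real source package)."""
    names = (
        "hello-1.0/README",
        "hello-1.0/../../etc/passwd",  # climbs out of the unpack directory
        "/tmp/abs",                    # absolute member name
        "hello-1.0/a..b",              # harmless: ".." is not a whole component
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"x"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"FLAG {name}: {reason}")
```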