
Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])



srivasta@datasync.com (Manoj Srivastava) wrote on 16.05.97 in <872077w7o7.fsf@tiamat.datasync.com>:

> >>"Jim" == Jim Van Zandt <jrv@vanzandt.mv.com> writes:

Jim>> I think the ".. pathname component" problem deserves some
Jim>> attention. What does anybody think about these steps?

Jim>> 1) Incoming Debian source packages should be automatically
Jim>> scanned, and offending files flagged.

Jim>> 2) GNU tar should refuse to unpack such a tar file, unless
Jim>> enabled by a switch.

Jim>> 3) GNU tar should refuse to create such a tar file, unless
Jim>> enabled by a switch.

> 	I hope you mean ask the upstream authors to change GNU tar's
>  behaviour, and not that Debian should do a major change in behaviour
>  on its own. In case we even consider doing such a thing, it should
>  be *off* by default, and turned on (by dpkg and friends) with a
>  special switch.

Since it handles the same type of problem as the absolute path remover, it  
should work the same.

The absolute path remover is on by default.

(Have you _ever_ seen a tar containing a path with ".."? Those are  
extremely rare.)


Regards, Kai
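
Step 1 of the quoted proposal (scanning incoming source packages and flagging offending files), as an added example that is not part of the original thread or of any Debian tool. It reads member names without unpacking anything and also flags absolute paths, the related case mentioned above; the function names and the sample archive are constructed for illustration.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Constructed sample member names; only the second, third and fourth are unsafe.
SAMPLE_NAMES = [
    "pkg-1.0/README",
    "pkg-1.0/../../etc/passwd",   # climbs out of the unpack directory
    "/etc/motd",                  # absolute path
    "../sibling/file",            # leading '..'
    "pkg-1.0/notes..txt",         # '..' inside a file name is harmless
]


def build_sample_archive(names=SAMPLE_NAMES):
    """Build an in-memory tar holding one small file per name (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"x"
            info = tarfile.TarInfo(name)  # the name is stored exactly as given
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def flag_unsafe_members(tar_bytes):
    """Return [(member_name, reason)] for names that can land outside the unpack dir.

    Only the archive headers are read; nothing is extracted.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            if path.is_absolute():
                findings.append((member.name, "absolute path"))
            elif ".." in path.parts:  # whole components only, not substrings
                findings.append((member.name, "'..' component"))
    return findings


if __name__ == "__main__":
    for name, reason in flag_unsafe_members(build_sample_archive()):
        print(f"FLAGGED {name}: {reason}")
```

Link targets are not inspected here; a scanner for real uploads would need a policy for symlink and hard-link members as well.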

