Re: Suggestion to and how to alow different compression for .debs

To: Wichert Akkerman <wichert@liacs.nl>
Cc: Debian Devel List <debian-devel@lists.debian.org>, debian-policy@lists.debian.org
Subject: Re: Suggestion to and how to alow different compression for .debs
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Wed, 27 Oct 1999 20:27:04 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.3.96.991027201618.30468N-100000@localhost>
In-reply-to: <[🔎] 19991028023605.C508@mors.net>

On Thu, 28 Oct 1999, Wichert Akkerman wrote:

> Let me give another good reason why using a uncompress.sh script is
> something I will never accept: it means that unpacking a package in
> an arbitrary location is no longer a guaranteed safe action, since
> uncompress.sh could do something nasty.

You might want to check out how dpkg actually unpacks the control.tar.gz,
if memory serves me it uses tar without chroot to do it, which means that
control.tar.gz could easially contain /bin/sh or something equally nasty..
So it is hardly a guaranteed safe action right now.

Of course that is fixable, Goswin's idea isn't.

Jason

Reply to:

Follow-Ups:
- Re: Suggestion to and how to alow different compression for .debs
  - From: Wichert Akkerman <wichert@liacs.nl>

References:
- Re: Suggestion to and how to alow different compression for .debs
  - From: Wichert Akkerman <wichert@liacs.nl>

Prev by Date: Re: Default language for system
Next by Date: [ANNOUNCE] experiemental dpkg available
Previous by thread: Re: Suggestion to and how to alow different compression for .debs
Next by thread: Re: Suggestion to and how to alow different compression for .debs
Index(es):
- Date
- Thread