Bug#32828: dpkg-dev: control.tar.gz and data.tar.gz containing ./
On Wed, 3 Feb 1999, Ian Jackson wrote:
> Madarasz Gergely writes ("Bug#32828: dpkg-dev: control.tar.gz and data.tar.gz containing ./"):
> > Package: dpkg-dev
> > Version: 1.4.0.31
> >
> > I've just wanted to check a packages contents and control information,
> > and it made my /tmp almost unusable.
> > I did tar xzvf control.tar.gz in /tmp, and since control.tar.gz contains
> > drwxr-xr-x root/root 0 1999-02-01 19:21 ./
> > it rewrote the perms of /tmp to 755 -> I got a non-working /tmp. It may
> > happen in other directories, even when not run as root...
>
> Don't Do That Then.
How should everybody know that this is dangerous? I had friends who
told me that their /tmp mysteriously lost its permissions, and who
never understood why. Now I understand. One would never expect that the
permissions of current directory can be changed because of a simple tar
command.
> > I guess the reason for this is that debian/tmp/DEBIAN was tarred as the
> > current directory. The above case shows that it should be avoided, so it
> > would be nicer if tar was called with tar <options> * instead of tar
> > <options> .
>
> There might be dotfiles in DEBIAN.
Then tar .* with excluding .. and . could do it.
>
> Ian.
> (closing this bug report)
I dont think this is apropriate here :( Any comments from others ?
--
Madarasz Gergely gorgo@caesar.elte.hu gorgo@linux.rulez.org
It's practically impossible to look at a penguin and feel angry.
Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
HuLUG: http://mlf.linux.rulez.org/
Reply to: