[Bug 10651] tar: check for unsafe symlinks is overly strict

bugzilla at busybox.net bugzilla at busybox.net
Tue Feb 20 15:08:36 UTC 2018


https://bugs.busybox.net/show_bug.cgi?id=10651

--- Comment #8 from Denys Vlasenko <vda.linux at googlemail.com> ---
commit a84db18fc71d09e801df0ebca048d82e90b32c6a
Author: Denys Vlasenko <vda.linux at googlemail.com>
Date:   Tue Feb 20 15:57:45 2018 +0100

    tar,unzip: postpone creation of symlinks with "suspicious" targets

    This mostly reverts commit bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7
    "libarchive: do not extract unsafe symlinks unless
$EXTRACT_UNSAFE_SYMLINKS=1"

    Users report that it is somewhat too restrictive. See
    https://bugs.busybox.net/show_bug.cgi?id=8411

    In particular, this interferes with unpacking of busybox-based
    filesystems with links like "sbin/applet" -> "../bin/busybox".

    The change is made smaller by deleting ARCHIVE_EXTRACT_QUIET flag -
    it is unused since 2010, and removing conditionals on it
    allows commonalizing some error message codes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list