[PATCH] improve checks on usernames V3.
Ralf Friedl
Ralf.Friedl at online.de
Thu Aug 4 08:44:01 UTC 2011
Harald Becker wrote:
>> Tar never creates user when extracting. It should just treat whatever
>> comes as a string and pass it to getpwnam, which should also not care
>> and use something like strcmp. I would just call that tar program broken.
>>
>
> Call them broken, but still such implementations exist :-( ... I had
> some trouble on an older HP system, where a tar created files owned by
> user number -1, if the untared user name contained UTF-8 characters ...
> files that even root couldn't access or delete!
I would call that even more broken. I would even know how to create
files with owner -1, as chown(-1) doesn't change the owner.
But I won't send files with such names to other people.
Ralf
More information about the busybox
mailing list