[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
rx-1.5 tarfile uses ".." for directory name
From: |
Jeremy C. Reed |
Subject: |
rx-1.5 tarfile uses ".." for directory name |
Date: |
Mon, 14 Oct 2002 21:43:29 -0700 (PDT) |
The old rx-1.5 tarfile contains:
-rw-r--r-- lord/tlord 38237 Jan 15 12:31 1997 rx-1.5/rx/../doc/rx.texi
-rw-r--r-- lord/tlord 36629 Jan 15 12:31 1997 rx-1.5/rx/../doc/rx.info
-rw-r--r-- lord/tlord 146156 Nov 21 21:49 1996 rx-1.5/rx/../doc/texinfo.tex
Instead of "rx-1.5/doc/".
Some modern versions of tar (like GNU alpha tar) don't accept ".." in the
filename, because users may unknowingly overwrite files.
For example, tar may say:
/usr/bin/tar: rx-1.5/rx/../doc/rx.texi: Member name contains `..'
/usr/bin/tar: rx-1.5/rx/../doc/rx.info: Member name contains `..'
/usr/bin/tar: rx-1.5/rx/../doc/texinfo.tex: Member name contains `..'
/usr/bin/tar: Error exit delayed from previous errors
In this case, it doesn't seem like any possible security issue, but
inconvenient. Feel free to share an legitimate examples of allowing ".."
in a tar file filename.
Can you consider remaking rx-1.5 (as rx-1.5.1, for example) without ".."?
(By the way, I emailed this email address as it is noted in the
rx-1.5/ANNOUNCE file. I also bcc'd to Tom Lord.)
Thanks,
Jeremy C. Reed
http://www.isp-faq.com/
- rx-1.5 tarfile uses ".." for directory name,
Jeremy C. Reed <=
- Re: rx-1.5 tarfile uses ".." for directory name, Tom Lord, 2002/10/15
- Re: rx-1.5 tarfile uses ".." for directory name, Jeremy C. Reed, 2002/10/15
- Re: rx-1.5 tarfile uses ".." for directory name, Tom Lord, 2002/10/15
- Re: rx-1.5 ..., Stepan Kasal, 2002/10/15
- Re: rx-1.5 ..., Eli Zaretskii, 2002/10/15
- Re: rx-1.5 ..., Tom Lord, 2002/10/15
- Re: rx-1.5 ..., Stepan Kasal, 2002/10/18
- Re: rx-1.5 ..., Tom Lord, 2002/10/18
- Re: rx-1.5 tarfile uses ".." for directory name, Richard Stallman, 2002/10/18
- Re: rx-1.5 tarfile uses ".." for directory name, Tom Lord, 2002/10/18