bug-tar
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] [PATCH v2] Intelligent subdirectory creation to guard agai

From: Connor Behan
Subject: Re: [Bug-tar] [PATCH v2] Intelligent subdirectory creation to guard against tarbombs
Date: Thu, 15 Aug 2013 13:16:49 -0700
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130625 Thunderbird/17.0.7
On 13/08/13 08:56 PM, Paul Eggert wrote: 
Connor Behan wrote:

 This could be handled without adding a new option
if -k became "don't replace existing files or create more than one file
at the top level when extracting, treat them as errors". So -k would
become a broader kind of "play it safe while extracting" option.

We probably can't change -k that drastically, but it would
be OK to add an option that says "allow at most one top-level
name", which could be combined with -k.
Sounds good. AFAIK, the most promising way to avoid tarbombs so far is a script called untar.py but it would be annoying to get into the habit of typing a completely different command for extracting. If tar quit and said "this is a tarbomb, you will have to use untar.py this one time" I'd be more happy. I will submit a patch that does this, as well as a v3 of my bigger patch.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]