From owner-freebsd-stable@FreeBSD.ORG Fri Jun 18 17:51:51 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 434DD106566C; Fri, 18 Jun 2010 17:51:51 +0000 (UTC) (envelope-from seanbru@yahoo-inc.com) Received: from mrout2-b.corp.re1.yahoo.com (mrout2-b.corp.re1.yahoo.com [69.147.107.21]) by mx1.freebsd.org (Postfix) with ESMTP id 01A078FC14; Fri, 18 Jun 2010 17:51:50 +0000 (UTC) Received: from [127.0.0.1] (cheese.corp.yahoo.com [216.145.50.99]) by mrout2-b.corp.re1.yahoo.com (8.13.8/8.13.8/y.out) with ESMTP id o5IHpOJm027610; Fri, 18 Jun 2010 10:51:25 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; s=serpent; d=yahoo-inc.com; c=nofws; q=dns; h=subject:from:to:cc:in-reply-to:references:content-type:date: message-id:mime-version:x-mailer:content-transfer-encoding; b=A73mpL8N8APhKcuFyLVaBNHV1hPCE7N0Ps6mxW6SJoZOuYOUhnAi6RLLadLkUoCh From: Sean Bruno To: "d@delphij.net" In-Reply-To: <4C1A9DEE.8040203@delphij.net> References: <1276639800.2462.80.camel@localhost.localdomain> <1276646707.2462.82.camel@localhost.localdomain> <4C18195A.3020501@delphij.net> <20100617205302.GA60347@server.vk2pj.dyndns.org> <4C1A9DEE.8040203@delphij.net> Content-Type: text/plain; charset="UTF-8" Date: Fri, 18 Jun 2010 10:51:23 -0700 Message-ID: <1276883483.2518.27.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 (2.28.3-1.fc12) Content-Transfer-Encoding: 7bit Cc: "delphij@freebsd.org" , "freebsd-stable@freebsd.org" , Peter Jeremy Subject: Re: [Stable 7] CPIO breakage/ X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jun 2010 17:51:51 -0000 On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 2010/06/17 13:53, Peter Jeremy wrote: > > On 2010-Jun-15 17:22:50 -0700, Xin LI wrote: > >> On 2010/06/15 17:05, Sean Bruno wrote: > >>> A little more background. It looks like symlinks are getting stripped > >>> of their '/' which sucks. Ideas? > > ... > >>> e.g. /home/foo/bar -> /opt/baz/blob > >>> > >>> becomes > >>> > >>> home/foo/bar -> opt/baz/blob > >>> > >>> Yuck. > >> > >> This is a security measurement I think. > > > > Can someone please explain how stripping a leading '/' off the > > destination of a symlink enhances security? The destination is > > not being written to. > > > >> --absolute-filenames disables this behavior. > > > > This definitely reduces security and would seem to be far more > > dangerous than being able to create symlinks to absolute pathnames. > > Sorry I have misunderstood the original issue. It's the link target > being mangled and doesn't seem right to me. I'll ask the author about this. > > The attached patch should restore the old behavior. > > Cheers, > - -- > Xin LI http://www.delphij.net/ > FreeBSD - The Power to Serve! Live free or die Yep, *this* patches seems to make things much happier. I'll integrate cpio 2.8 back into the Yahoo tree when this is merged in. Thanks for your patience and work on -stable. Sean