Message-ID: <4C1BB971.4030501@delphij.net>
Date: Fri, 18 Jun 2010 11:22:41 -0700
From: Xin LI
Reply-To: d@delphij.net
Organization: The Geek China Organization
To: Sean Bruno
Cc: "delphij@freebsd.org", "freebsd-stable@freebsd.org", "d@delphij.net", Peter Jeremy
Subject: Re: [Stable 7] CPIO breakage/
In-Reply-To: <1276883483.2518.27.camel@localhost.localdomain>

On 2010/06/18 10:51, Sean Bruno wrote:
> On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote:
>> On 2010/06/17 13:53, Peter Jeremy wrote:
>>> On 2010-Jun-15 17:22:50 -0700, Xin LI wrote:
>>>> On 2010/06/15 17:05, Sean Bruno wrote:
>>>>> A little more background. It looks like symlinks are getting stripped
>>>>> of their '/' which sucks. Ideas?
>>> ...
>>>>> e.g. /home/foo/bar -> /opt/baz/blob
>>>>>
>>>>> becomes
>>>>>
>>>>> home/foo/bar -> opt/baz/blob
>>>>>
>>>>> Yuck.
>>>>
>>>> This is a security measurement I think.
>>>
>>> Can someone please explain how stripping a leading '/' off the
>>> destination of a symlink enhances security? The destination is
>>> not being written to.
>>>
>>>> --absolute-filenames disables this behavior.
>>>
>>> This definitely reduces security and would seem to be far more
>>> dangerous than being able to create symlinks to absolute pathnames.
>>
>> Sorry I have misunderstood the original issue. It's the link target
>> being mangled and doesn't seem right to me. I'll ask the author about this.
>>
>> The attached patch should restore the old behavior.
>>
>> Cheers,
>> --
>> Xin LI http://www.delphij.net/
>> FreeBSD - The Power to Serve! Live free or die
>
> Yep, *this* patch seems to make things much happier. I'll integrate
> cpio 2.8 back into the Yahoo tree when this is merged in.

Thanks for testing, I have committed the patch as r209311 and sorry for
the breakage.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
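
An added example, not part of the original message and not cpio's code: a simplified Python model of the extraction behaviour discussed in this thread, showing that stripping the leading '/' from a member name changes where the entry is created, while stripping it from a symlink target only changes where the link points. Function and parameter names are hypothetical, the entry is constructed from the paths quoted in the thread, and /restore is an assumed extraction directory.

```python
import posixpath

def safer_member_name(name):
    """Make a member name relative: drop leading '/', refuse '..' components."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise ValueError(f"member name escapes the extraction directory: {name!r}")
    return "/".join(parts)

def plan_extraction(entries, absolute_filenames=False, mangle_link_targets=False):
    """Map (name, link_target) archive entries to (destination, link_target).

    absolute_filenames models the --absolute-filenames option named in the thread;
    mangle_link_targets models the reported regression (hypothetical switch).
    """
    plan = []
    for name, target in entries:
        dest = name if absolute_filenames else safer_member_name(name)
        if target is not None and mangle_link_targets:
            target = target.lstrip("/")
        plan.append((dest, target))
    return plan

def written_path(dest, root):
    """Path the entry is created at when extracting inside root."""
    return posixpath.normpath(posixpath.join(root, dest))

def link_resolves_to(dest, target, root):
    """Path a symlink created at root/dest points to once followed."""
    link_dir = posixpath.dirname(written_path(dest, root))
    return posixpath.normpath(posixpath.join(link_dir, target))

# Constructed entry, using the paths quoted in the thread.
ENTRIES = [("/home/foo/bar", "/opt/baz/blob")]
ROOT = "/restore"  # assumed extraction directory

if __name__ == "__main__":
    for label, kwargs in [("old behaviour", {}),
                          ("regression", {"mangle_link_targets": True}),
                          ("--absolute-filenames", {"absolute_filenames": True})]:
        for dest, target in plan_extraction(ENTRIES, **kwargs):
            print(f"{label}: created at {written_path(dest, ROOT)}, "
                  f"points to {link_resolves_to(dest, target, ROOT)}")
```

In this model the mangled target becomes relative to the link's own directory, so the link ends up pointing below /restore/home/foo rather than at /opt/baz/blob.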