Date:      Fri, 18 Jun 2010 10:51:23 -0700
From:      Sean Bruno <seanbru@yahoo-inc.com>
To:        "d@delphij.net" <d@delphij.net>
Cc:        "delphij@freebsd.org" <delphij@freebsd.org>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>, Peter Jeremy <peterjeremy@acm.org>
Subject:   Re: [Stable 7] CPIO breakage/
Message-ID:  <1276883483.2518.27.camel@localhost.localdomain>
In-Reply-To: <4C1A9DEE.8040203@delphij.net>
References:  <1276639800.2462.80.camel@localhost.localdomain> <1276646707.2462.82.camel@localhost.localdomain> <4C18195A.3020501@delphij.net> <20100617205302.GA60347@server.vk2pj.dyndns.org> <4C1A9DEE.8040203@delphij.net>


On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> On 2010/06/17 13:53, Peter Jeremy wrote:
> > On 2010-Jun-15 17:22:50 -0700, Xin LI <delphij@delphij.net> wrote:
> >> On 2010/06/15 17:05, Sean Bruno wrote:
> >>> A little more background.  It looks like symlinks are getting stripped
> >>> of their '/' which sucks.  Ideas?
> > ...
> >>> e.g. /home/foo/bar -> /opt/baz/blob
> >>>
> >>> becomes
> >>>
> >>> home/foo/bar -> opt/baz/blob   
> >>>
> >>> Yuck.
> >>
> >> This is a security measurement I think.
> > 
> > Can someone please explain how stripping a leading '/' off the
> > destination of a symlink enhances security?  The destination is
> > not being written to.
> > 
> >> --absolute-filenames disables this behavior.
> > 
> > This definitely reduces security and would seem to be far more
> > dangerous than being able to create symlinks to absolute pathnames.
> 
> Sorry I have misunderstood the original issue.  It's the link target
> being mangled and doesn't seem right to me.  I'll ask the author about this.
> 
> The attached patch should restore the old behavior.
> 
> Cheers,
> - -- 
> Xin LI <delphij@delphij.net>	http://www.delphij.net/
> FreeBSD - The Power to Serve!	       Live free or die



Yep, *this* patch seems to make things much happier.  I'll integrate
cpio 2.8 back into the Yahoo tree when this is merged in.  

Thanks for your patience and work on -stable.

Sean
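
The distinction this thread turns on, as an added example that is not part of the original messages and is not cpio's code: a small reader for the cpio "newc" format that strips the leading '/' from member names (the default that --absolute-filenames disables) while leaving symlink targets as stored. The function names and the sample archive are constructed for illustration, and only the leading-slash rule is modelled.

```python
import stat

HDR_LEN = 110  # "070701" magic + 13 fields of 8 hex digits each

def pad4(n):
    """Round n up to the next multiple of 4 (newc alignment)."""
    return (n + 3) & ~3

def make_member(name, mode, data=b""):
    """Build one newc record (used only to construct the sample input)."""
    name_b = name.encode() + b"\0"
    # ino, mode, uid, gid, nlink, mtime, filesize, devmaj, devmin,
    # rdevmaj, rdevmin, namesize (including NUL), check
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    rec = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    rec += b"\0" * (pad4(len(rec)) - len(rec))
    return rec + data + b"\0" * (pad4(len(data)) - len(data))

def read_members(blob):
    """Yield (name, mode, data) for each record before the trailer."""
    off = 0
    while off + HDR_LEN <= len(blob):
        if blob[off:off + 6] != b"070701":
            raise ValueError("bad newc magic at offset %d" % off)
        f = [int(blob[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        name_end = off + HDR_LEN + namesize
        data_off = pad4(name_end)
        if data_off + size > len(blob):
            raise ValueError("truncated record at offset %d" % off)
        name = blob[off + HDR_LEN:name_end - 1].decode()
        if name == "TRAILER!!!":
            return
        yield name, mode, blob[data_off:data_off + size]
        off = pad4(data_off + size)

def extraction_plan(blob):
    """Return (path to create, symlink target or None) per member."""
    plan = []
    for name, mode, data in read_members(blob):
        safe_name = name.lstrip("/")  # the path that is written: made relative
        # For a symlink the record data is the link target: kept verbatim.
        target = data.decode() if stat.S_ISLNK(mode) else None
        plan.append((safe_name, target))
    return plan

# Constructed sample archive using the paths quoted in the thread.
SAMPLE = (make_member("/home/foo/bar", 0o120777, b"/opt/baz/blob")
          + make_member("/home/foo/file", 0o100644, b"hi\n")
          + make_member("TRAILER!!!", 0))
```
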



