[Stable 7] CPIO breakage/

Xin LI delphij at delphij.net
Fri Jun 18 18:22:58 UTC 2010


On 2010/06/18 10:51, Sean Bruno wrote:
> On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 2010/06/17 13:53, Peter Jeremy wrote:
>>> On 2010-Jun-15 17:22:50 -0700, Xin LI <delphij at delphij.net> wrote:
>>>> On 2010/06/15 17:05, Sean Bruno wrote:
>>>>> A little more background.  It looks like symlinks are getting stripped
>>>>> of their '/' which sucks.  Ideas?
>>> ...
>>>>> e.g. /home/foo/bar -> /opt/baz/blob
>>>>>
>>>>> becomes
>>>>>
>>>>> home/foo/bar -> opt/baz/blob   
>>>>>
>>>>> Yuck.
>>>>
>>>> This is a security measure I think.
>>>
>>> Can someone please explain how stripping a leading '/' off the
>>> destination of a symlink enhances security?  The destination is
>>> not being written to.
>>>
>>>> --absolute-filenames disables this behavior.
>>>
>>> This definitely reduces security and would seem to be far more
>>> dangerous than being able to create symlinks to absolute pathnames.
>>
>> Sorry I have misunderstood the original issue.  It's the link target
>> being mangled and doesn't seem right to me.  I'll ask the author about this.
>>
>> The attached patch should restore the old behavior.
>>
>> Cheers,
>> - -- 
>> Xin LI <delphij at delphij.net>	http://www.delphij.net/
>> FreeBSD - The Power to Serve!	       Live free or die
> 
> Yep, *this* patch seems to make things much happier.  I'll integrate
> cpio 2.8 back into the Yahoo tree when this is merged in.

Thanks for testing, I have committed the patch as r209311 and sorry for
the breakage.

Cheers,
- -- 
Xin LI <delphij at delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!	       Live free or die
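
The distinction the thread settles on, as an added example (not cpio's code and not the committed patch): the member name is made relative so the write stays under the extraction directory, while the symlink target is stored data and is kept verbatim. The function names and the '..' rejection policy are assumptions of this sketch.

```python
import posixpath

def relative_member_name(name):
    """Return the member name as a relative path (leading '/' stripped).

    Rejects '..' components so the write location stays under the
    extraction directory. This policy is this example's assumption.
    """
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError(f"unsafe member name: {name!r}")
    return "/".join(parts)

def plan_symlink(name, target, mangle_target=False):
    """Return (path_to_create, stored_target) for one symlink entry.

    mangle_target=True reproduces the symptom reported in the thread,
    where the link target also loses its leading '/'.
    """
    path = relative_member_name(name)
    if mangle_target:
        target = target.lstrip("/")
    return path, target

def resolves_to(path, target, root="/"):
    """Where the link points once it has been created under root."""
    link_dir = posixpath.dirname(posixpath.join(root, path))
    return posixpath.normpath(posixpath.join(link_dir, target))

if __name__ == "__main__":
    # Constructed entry, using the example paths quoted in the thread.
    name, target = "/home/foo/bar", "/opt/baz/blob"
    for mangle in (True, False):
        path, stored = plan_symlink(name, target, mangle_target=mangle)
        print(f"mangle={mangle}: {path} -> {stored} "
              f"(resolves to {resolves_to(path, stored)})")
```

With the target mangled, the link resolves relative to its own directory and ends up dangling; with the target kept verbatim it still points at the original absolute path.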