At 01:54 30.11.2006, you wrote: > > why can using cpio be a security risk? (i'm using "cpio (GNU cpio) 2.7") > >cpio can be tricked to decode multiple archive components into the same file, >overwriting previous contents, which could help in camouflaging a virus.
thank you for explaining it. >pax has options which can reduce the problem to large extent (including >some other implications of the same), although it still is not perfect >for the job. tar is very much nonstandard and limited in formats it supports >compared to pax. > > > if so, which pax version is advisable to choose? > >If your OS comes with it, it should do (unless it is ancient). >Otherwise compile it from source, or use a heirloom version, >which is quite good. i wasnt able to find the latest GNU paxutils....the gnu/savannah pages are confusing me... so i'll take heirloom pax thank you again, Mark! MK ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
