Dies schrieb Paul Eggert ([email protected]): > In the longer run, Joerg's suggestion of using libfind, or something like > that, may be a better one -- then 'tar' could do anything that 'find' can > do, without further ado. However, libfind (or whatever) would have to be > audited for security holes....
Sure, in the long run this might be a better alternative. But what until then? Is there any argument against the original patch, which is already present and does scratch an existing itch by just changing the exit code for some specific issues? > > I also spoke to many different people that are in fact using the > > combination of > > find and tar > > This combination is safe in environments where only trusted users can > modify the file system. But it's not safe in general, which is why > I have qualms about supporting it. Can you elaborate on the possible attack scenario? I'm genuinely interested...
