Hello busybox community, as I haven't seen much ongoin about the path traversal problem of CVE-2023-39810, I spent some time on it and want to share a poposal how it could be mitigated. Happy to see some comments on my proposal.
Thank you very much and best regards --peter; Peter Kaestle (1): archival: new option to disallow path traversals archival/Config.src | 7 +++++++ archival/libarchive/data_extract_all.c | 22 ++++++++++++++++++++++ testsuite/cpio.tests | 18 ++++++++++++++++++ 3 files changed, 47 insertions(+) -- 2.44.0 _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox