Date: Tue, 22 Oct 2019 14:27:39 +0200
From: Joerg Sonnenberger <jo...@bec.de>
Message-ID: <20191022122739.ga86...@bec.de>
| Extraction of entries in streamable formats happens in isolation. The
| archiver has no knowledge about pre-existing symlinks or whether the
| archive itself just created the symlink.
It should be able to deduce something from the ctime of the symlink
if it wanted - if that predates the start of the extraction, then the
symlink was there in advance, if after, then (most probably) the archive
contained the symlink.
chris...@astron.com said:
| because then we would have to normalize and check all symlinks in the
| archive (and do what? allow only the symlink pointing to an empty directory
| case?
only allow symlinks pointing inside the tree being extracted most likely.
But in both cases, when the archive is untrusted, avoiding all of this
is best, when it is trusted (particularly when the user created it themselves)
things ought to be more flexible.
kre
