On 18/06/2010 6:53 AM, Peter Jeremy wrote:
> On 2010-Jun-15 17:22:50 -0700, Xin LI <delp...@delphij.net> wrote:
>> On 2010/06/15 17:05, Sean Bruno wrote:
>>> A little more background. It looks like symlinks are getting stripped
>>> of their '/' which sucks. Ideas?
> ...
>>> e.g. /home/foo/bar -> /opt/baz/blob
>>>
>>> becomes
>>>
>>> home/foo/bar -> opt/baz/blob
>>>
>>> Yuck.
>>
>> This is a security measurement I think.
>
> Can someone please explain how stripping a leading '/' off the
> destination of a symlink enhances security? The destination is
> not being written to.
>
Easy.

Create a symlink etc, to /etc
Create a file etc/passwd containing whatever you want.

Of course, a better way to deal with that is to chroot, seeing you
could probably use ../../../../../../../../../../../../.../../../../etc
instead of /etc and get the same effect, and I don't know that tar tries
to prevent that; tar has the --chroot option.

>> --absolute-filenames disables this behavior.
>
> This definitely reduces security and would seem to be far more
> dangerous than being able to create symlinks to absolute pathnames.
>

--
Sean Winn
s...@gothic.net.au
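The case described in the reply above (a symlink entry followed by a file entry beneath it, with either an absolute or a `../` target), as an added example that is not part of the original message: a Python check that reads an archive's headers and flags such entries before anything is extracted. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def build_sample(linkname="/etc"):
    """Constructed in-memory archive: symlink 'etc', then 'etc/passwd', plus a benign file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("etc")
        link.type = tarfile.SYMTYPE
        link.linkname = linkname
        tar.addfile(link)
        for name in ("etc/passwd", "docs/readme.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def audit(fileobj):
    """List (member, reason) findings by reading headers only; nothing is extracted."""
    findings = []
    links = set()  # member paths that earlier entries declared as symlinks
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for m in tar:
            parts = [p for p in m.name.split("/") if p not in ("", ".")]
            if m.name.startswith("/") or ".." in parts:
                findings.append((m.name, "path is absolute or contains '..'"))
            # A member whose parent path is a symlink from this same archive
            # would be written wherever that link points.
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append((m.name, "written through symlink " + prefix))
            if m.issym():
                parent = "/".join(parts[:-1])
                target = posixpath.normpath(posixpath.join(parent, m.linkname))
                if m.linkname.startswith("/") or target.split("/")[0] == "..":
                    findings.append((m.name, "symlink target escapes: " + m.linkname))
                links.add("/".join(parts))
    return findings

if __name__ == "__main__":
    for member, reason in audit(build_sample()):
        print(member, "->", reason)
```

Stripping the leading '/' alone would clear the first finding for the absolute case but not for the `../` case, which is why the check looks at the resolved target and at the later member written beneath the link.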