tar: symlinks unpacked to empty files (tar security problem?)
Yaakov (Cygwin/X)
yselkowitz@users.sourceforge.net
Sun Jul 4 20:09:00 GMT 2010
On Sun, 2010-07-04 at 13:17 -0400, Christopher Faylor wrote:
> That's because of the way that tar handles symlinks. If you have a
> reference to an absolute path, tar makes a zero-length regular file
> placeholder. Then when it is done extracting, tar is supposed to remove
> this file and create the real symlink. However, the test to make sure
> that it is ok to do this was broken by a recent DLL change. The inode
> returned the first time that the file was created was != the inode when
> the file is checked later. So tar thought that the zero-length file was
> modified and silently decided not to create the symlink.
>
> I've fixed the cygwin problem - it should be in the next snapshot.
It appears to be working with 20100704 snapshot. Thanks for the quick
response.
Yaakov
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list