- changed status to wontfix
[tnozaki-libarchive] Leave pre-existing symlinks alone on extraction
from https://github.com/libarchive/libarchive/pull/1300
When libarchive encounters an existing symbolic link during extraction
it removes that symbolic link first before overwriting it, unless
it is told that it can trust symlinks from the archive.Placing symbolic links on known paths in the extracting subdirectory
is a simple way that a system administrator can place data at a
different location without having the overhead of a mountpoint.Trusting symlinks from an archive is never safe because they can
maliciously overwrite files outside of the extraction directory.This patch adds a linked-list to track of the symbolic links that
were created during extraction so that it does not trust them. This
way during extraction, libarchive can remove the symlinks it created,
but leave the pre-existing ones alone.
Comments (1)
-
reporter - Log in to comment
merge discussion is suspended by some kraut's objection and poor test case fixes. take my time until upstream's decision