[Bug 657] Handle different tar options for unpacking
haski at sezampro.yu
Sun Nov 2 15:21:52 PST 2003
On Sun, Nov 02, 2003 at 02:03:06PM -0700, bugzilla at linuxfromscratch.org wrote:
> On the subject of the string format specifiers, I can think of two
> relatively simple solutions:
> - go through the user-specified string and prefix all '%' characters
> that are not followed by 's' with additional '%', escaping them
> (also possibly any that occur after the first '%s' combination
> - use an alternative string-substitution method (directly coded
> instead of printf)
As these options are, after all, set by the user of the program, I
don't think there could be any security issues. So only some basic
checking, in case the user made an error, could be done.
Making sure that %s is present, that %p is not (for example), etc.
And exiting with an error if anything weird is found, I don't think
that escaping the string and proceeding would be a good idea. After
all, these are the simple options for unpacking.
More information about the alfs-log