[Bug 657] Handle different tar options for unpacking

Neven Has haski at sezampro.yu
Sun Nov 2 15:21:52 PST 2003


On Sun, Nov 02, 2003 at 02:03:06PM -0700, bugzilla at linuxfromscratch.org wrote:
> On the subject of the string format specifiers, I can think of two
> relatively simple solutions:
> 
> - go through the user-specified string and prefix all '%' characters
> that are not followed by 's' with additional '%', escaping them
> (also possibly any that occur after the first '%s' combination)
> 
> - use an alternative string-substitution method (directly coded
> instead of printf)

As these options are, after all, set by the user of the program, I
don't think there could be any security issues.  So only some basic
checking, in case the user made an error, could be done.

Making sure that %s is present, that %p is not (for example), etc.
And exiting with an error if anything weird is found; I don't think
that escaping the string and proceeding would be a good idea.  After
all, these are the simple options for unpacking.


Neven
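
The check-and-exit approach described in this message, written out as an added example; it is not code from the ALFS project or from either poster. The function names `check_unpack_format` and `build_unpack_command` and the sample option strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name assumed): accept fmt only if it holds exactly
 * one "%s" and otherwise nothing but literal text and "%%". */
int check_unpack_format(const char *fmt)
{
    int n_s = 0;

    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;                      /* look at the conversion character */
        if (*p == '%')
            continue;             /* "%%" is a literal percent sign */
        if (*p != 's')
            return -1;            /* %p, %n, %d, flags/width, or a trailing '%' */
        n_s++;
    }
    return n_s == 1 ? 0 : -1;
}

/* Hypothetical helper: format the command only after the check passes;
 * fail on a rejected format or on truncation instead of proceeding. */
int build_unpack_command(char *out, size_t outlen,
                         const char *fmt, const char *archive)
{
    if (check_unpack_format(fmt) != 0)
        return -1;
    int n = snprintf(out, outlen, fmt, archive);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample option strings, not taken from any real profile. */
    const char *samples[] = { "tar xzf %s", "tar xzf %s %p", "tar xzf",
                              "tar %s %s", "tar -xf %s --label=100%%" };
    char cmd[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_unpack_command(cmd, sizeof cmd, samples[i], "pkg.tar.gz") == 0)
            printf("ok:       %s\n", cmd);
        else
            fprintf(stderr, "rejected: \"%s\"\n", samples[i]);
    }
    return 0;
}
```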