[Bug 657] Handle different tar options for unpacking
Kevin P. Fleming
kpfleming at linuxfromscratch.org
Sun Nov 2 16:33:29 PST 2003
Neven Has wrote:
> As these options are, after all, set by the user of the program, I
> don't think there could be any security issues. So only some basic
> checking, in case the user made an error, could be done.
I agree, I was just trying to cover all the bases here.
> Making sure that %s is present, that %p is not (for example), etc.
> And exiting with an error if anything weird is found, I don't think
> that escaping the string and proceeding would be a good idea. After
> all, these are the simple options for unpacking.
That is what I will do, some basic checks for "dangerous" format
specifiers (or too many format specifiers).
More information about the alfs-log