[Bug 657] Handle different tar options for unpacking

Kevin P. Fleming kpfleming at linuxfromscratch.org
Sun Nov 2 16:33:29 PST 2003

Neven Has wrote:

> As these options are, after all, set by the user of the program, I
> don't think there could be any security issues.  So only some basic
> checking, in case the user made an error, could be done.

I agree, I was just trying to cover all the bases here.

> Making sure that %s is present, that %p is not (for example), etc.
> And exiting with an error if anything weird is found, I don't think
> that escaping the string and proceeding would be a good idea.  After
> all, these are the simple options for unpacking.

That is what I will do, some basic checks for "dangerous" format 
specifiers (or too many format specifiers).

More information about the alfs-log mailing list