Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!elroy!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.sources.d
Subject: Re: Archiving Sources (was alt.sources archiving)
Message-ID: <4632@jpl-devvax.JPL.NASA.GOV>
Date: 21 Mar 89 23:54:52 GMT
References: <448@ssbell.UUCP>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA.
Lines: 14

In article <448@ssbell.UUCP> kent@ssbell.UUCP (Kent Landfield) writes:
: I really fail to see a security issues problem as long as archivers do not
: use absolute paths.

Just so's you remember that ../../../../../../../../../../../etc/passwd
is effectively an absolute path.  And are any of your devices in /dev
world writable?  Anyone for a distributed Berkeley Break tonight?  Wanna
look for old Masscomps that default the system disk to world writable?

If you are archiving to a directory that might have had a foreign makefile
run in it, you'd best think a bit about symbolic links too.

Larry Wall
lwall@jpl-devvax.jpl.nasa.gov