On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 2010/06/17 13:53, Peter Jeremy wrote: > > On 2010-Jun-15 17:22:50 -0700, Xin LI <delphij@delphij.net> wrote: > >> On 2010/06/15 17:05, Sean Bruno wrote: > >>> A little more background. It looks like symlinks are getting stripped > >>> of their '/' which sucks. Ideas? > > ... > >>> e.g. /home/foo/bar -> /opt/baz/blob > >>> > >>> becomes > >>> > >>> home/foo/bar -> opt/baz/blob > >>> > >>> Yuck. > >> > >> This is a security measurement I think. > > > > Can someone please explain how stripping a leading '/' off the > > destination of a symlink enhances security? The destination is > > not being written to. > > > >> --absolute-filenames disables this behavior. > > > > This definitely reduces security and would seem to be far more > > dangerous than being able to create symlinks to absolute pathnames. > > Sorry I have misunderstood the original issue. It's the link target > being mangled and doesn't seem right to me. I'll ask the author about this. > > The attached patch should restore the old behavior. > > Cheers, > - -- > Xin LI <delphij@delphij.net> http://www.delphij.net/ > FreeBSD - The Power to Serve! Live free or die Yep, *this* patches seems to make things much happier. I'll integrate cpio 2.8 back into the Yahoo tree when this is merged in. Thanks for your patience and work on -stable. Sean _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"