Bug List: (6 of 13) First Last Prev Next   Show last search results
Bug 1143659 - AUDIT-FIND: obs-service-extract_file: calls cpio instead of bsdtar
Summary: AUDIT-FIND: obs-service-extract_file: calls cpio instead of bsdtar
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Audits (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Adrian Schröter
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1119444
  Show dependency treegraph
 
Reported: 2019-07-31 14:20 UTC by Malte Kraus
Modified: 2020-11-25 09:28 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Malte Kraus 2019-07-31 14:20:25 UTC 
should probably use bsdtar instead of cpio
Comment 1 Johannes Segitz 2020-11-25 09:26:47 UTC 
not sure that bsdtar is that much better, but passing --no-absolute-filenames to cpio would be a good idea. A generic solution of sandboxing the operation no matter which tool is used would be my preferred solution
Comment 2 Adrian Schröter 2020-11-25 09:28:15 UTC 
added that parameter
Bug List: (6 of 13) First Last Prev Next   Show last search results