Hi Alexander,

My quick test shows that with the proper filesystem permissions no harm could be done:

$ pwd
/home/vk/cpio
$ ls -lad /home/postgres/
drwx------ 4 postgres postgres 4096 May 21 2014 /home/postgres/
$ ln -s /home/postgres/.mozilla dir
...
$ cpio --no-absolute-filenames -ivF test.cpio
dir
cpio: dir/file: Cannot open: Permission denied
dir/file
1 block

Do you think this is a valid case for a CVE?

--
Vasyl Kaigorodov | Red Hat Product Security
PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828