1 files changed, 11 insertions, 0 deletions
diff --git a/archival/Config.src b/archival/Config.src
index 6f4f30c43..cbcd7217c 100644
--- a/archival/Config.src
+++ b/archival/Config.src
@@ -35,4 +35,15 @@ config FEATURE_LZMA_FAST
        This option reduces decompression time by about 25% at the cost of
        a 1K bigger binary.
+config FEATURE_PATH_TRAVERSAL_PROTECTION
+        bool "Prevent extraction of filenames with /../ path component"
+        default n
+        help
+        busybox tar and unzip remove "PREFIX/../" (if it exists)
+        from extracted names.
+        This option enables this behavior for all other unpacking applets,
+        such as cpio, ar, rpm.
+        GNU cpio 2.15 has NO such sanity check.
+# try other archivers and document their behavior?
 endmenu

diff --git a/archival/Config.src b/archival/Config.src index 6f4f30c43..cbcd7217c 100644 --- a/archival/Config.src +++ b/archival/Config.src
@@ -35,4 +35,15 @@ config FEATURE_LZMA_FAST
35	This option reduces decompression time by about 25% at the cost of	35	This option reduces decompression time by about 25% at the cost of
36	a 1K bigger binary.	36	a 1K bigger binary.
37		37
		38	config FEATURE_PATH_TRAVERSAL_PROTECTION
		39	bool "Prevent extraction of filenames with /../ path component"
		40	default n
		41	help
		42	busybox tar and unzip remove "PREFIX/../" (if it exists)
		43	from extracted names.
		44	This option enables this behavior for all other unpacking applets,
		45	such as cpio, ar, rpm.
		46	GNU cpio 2.15 has NO such sanity check.
		47	# try other archivers and document their behavior?
		48
38	endmenu	49	endmenu