Read Time:18 Second
Posted by Harry Sintonen via Fulldisclosure on Jan 14
So does for example tar. The same rules that apply to tar also apply to
cpio:
“Extract from an untrusted archive only into an otherwise-empty directory.
This directory and its parent should be accessible only to trusted users.”
This is a user error, not a vulnerability in cpio.