Closed
Description
Is this a BUG REPORT or FEATURE REQUEST?: Bug
/kind bug
What happened:
kubectl cp :/some/remote/dir /some/local/dir
If the container returns a malformed tarfile with paths like:
'/some/remote/dir/../../../../tmp/foo' kubectl writes this to /tmp/foo instead of /some/local/dir/tmp/foo
What you expected to happen:
I expect kubectl to clean up the path and write to /some/local/dir/tmp/foo
Notes
Original credit to @hansmi (Michael Hanselmann) for originally reporting the bug.
Tracked as CVE-2018-1002100