Add support for not extracting file attributes

[wimlib] / doc / imagex-apply.1.in

diff --git a/doc/imagex-apply.1.in b/doc/imagex-apply.1.in
index 46bf7ec1708700a61e17b410a01b7364594d55e2..6043d025842bed27d7bab9a32ef665b459d848e8 100644 (file)
--- a/doc/imagex-apply.1.in
+++ b/doc/imagex-apply.1.in
@@ -352,6 +352,9 @@ combined with \fB--unix-data\fR to cause \fB@IMAGEX_PROGNAME@\fR to fail
 immediately if the UNIX owner, group, or mode on an extracted file cannot be set
 for any reason.
 .TP
+\fB--no-attributes\fR
+Do not restore Windows file attributes such as readonly, hidden, etc.
+.TP
 \fB--include-invalid-names\fR
 Extract files and directories with invalid names by replacing characters and
 appending a suffix rather than ignoring them.  Exactly what is considered an
@@ -386,6 +389,12 @@ WIMs, which usually contain LZMS-compressed solid blocks and may carry the
 \fI.esd\fR file extension rather than \fI.wim\fR.  However, \fI.esd\fR files
 downloaded directly by the Windows 8 web downloader have encrypted segments, and
 wimlib cannot extract such files until they are first decrypted.
+.PP
+\fIDirectory traversal attacks\fR:  wimlib validates filenames before extracting
+them and is not vulnerable to directory traversal attacks.  This is in contrast
+to Microsoft WIMGAPI/Imagex/Dism which can overwrite arbitrary files on the
+target drive when extracting a malicious WIM file containing files named
+\fI..\fR or containing path separators.
 .SH EXAMPLES
 Extract the first image from the Windows PE image on the Windows Vista/7/8
 installation media to the directory "boot":