diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-01-04 08:46:26 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-01-04 08:46:26 +0100 |
| commit | a116552869db5e7793ae10968eb3c962c69b3d8c (patch) | |
| tree | f75548679a257aeffd832be5366a4f41cde116ab | |
| parent | 6100b51ca81721ac364f101a17cbce0d9f6fcb59 (diff) | |
| download | busybox-w32-a116552869db5e7793ae10968eb3c962c69b3d8c.tar.gz busybox-w32-a116552869db5e7793ae10968eb3c962c69b3d8c.tar.bz2 busybox-w32-a116552869db5e7793ae10968eb3c962c69b3d8c.zip | |
tar: add a note about -C and symlink-in-tarball attack
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | archival/tar.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/archival/tar.c b/archival/tar.c index ebaa965c0..813f86e82 100644 --- a/archival/tar.c +++ b/archival/tar.c | |||
| @@ -23,6 +23,25 @@ | |||
| 23 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | 23 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. |
| 24 | */ | 24 | */ |
| 25 | 25 | ||
| 26 | /* TODO: security with -C DESTDIR option can be enhanced. | ||
| 27 | * Consider tar file created via: | ||
| 28 | * $ tar cvf bug.tar anything.txt | ||
| 29 | * $ ln -s /tmp symlink | ||
| 30 | * $ tar --append -f bug.tar symlink | ||
| 31 | * $ rm symlink | ||
| 32 | * $ mkdir symlink | ||
| 33 | * $ tar --append -f bug.tar symlink/evil.py | ||
| 34 | * | ||
| 35 | * This will result in an archive which contains: | ||
| 36 | * $ tar --list -f bug.tar | ||
| 37 | * anything.txt | ||
| 38 | * symlink | ||
| 39 | * symlink/evil.py | ||
| 40 | * | ||
| 41 | * Untarring it puts evil.py in '/tmp' even if the -C DESTDIR is given. | ||
| 42 | * This doesn't feel right, and IIRC GNU tar doesn't do that. | ||
| 43 | */ | ||
| 44 | |||
| 26 | #include <fnmatch.h> | 45 | #include <fnmatch.h> |
| 27 | #include "libbb.h" | 46 | #include "libbb.h" |
| 28 | #include "archive.h" | 47 | #include "archive.h" |