diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-01-04 08:46:26 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-01-04 08:46:26 +0100 |
commit | a116552869db5e7793ae10968eb3c962c69b3d8c (patch) | |
tree | f75548679a257aeffd832be5366a4f41cde116ab | |
parent | 6100b51ca81721ac364f101a17cbce0d9f6fcb59 (diff) |
tar: add a note about -C and symlink-in-tarball attack
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | archival/tar.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/archival/tar.c b/archival/tar.c index ebaa965c0..813f86e82 100644 --- a/archival/tar.c +++ b/archival/tar.c @@ -23,6 +23,25 @@ * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +/* TODO: security with -C DESTDIR option can be enhanced. + * Consider tar file created via: + * $ tar cvf bug.tar anything.txt + * $ ln -s /tmp symlink + * $ tar --append -f bug.tar symlink + * $ rm symlink + * $ mkdir symlink + * $ tar --append -f bug.tar symlink/evil.py + * + * This will result in an archive which contains: + * $ tar --list -f bug.tar + * anything.txt + * symlink + * symlink/evil.py + * + * Untarring it puts evil.py in '/tmp' even if the -C DESTDIR is given. + * This doesn't feel right, and IIRC GNU tar doesn't do that. + */ + #include <fnmatch.h> #include "libbb.h" #include "archive.h" |