tar: add a note about -C and symlink-in-tarball attack

author Denys Vlasenko <vda.linux@googlemail.com>

Tue, 4 Jan 2011 07:46:26 +0000 (08:46 +0100)

committer Denys Vlasenko <vda.linux@googlemail.com>

Tue, 4 Jan 2011 07:46:26 +0000 (08:46 +0100)
author Denys Vlasenko <vda.linux@googlemail.com>
Tue, 4 Jan 2011 07:46:26 +0000 (08:46 +0100)
committer Denys Vlasenko <vda.linux@googlemail.com>
Tue, 4 Jan 2011 07:46:26 +0000 (08:46 +0100)
diff --git a/archival/tar.c b/archival/tar.c

index ebaa965c051007129ec29ce543370d7516ba8a69..813f86e827e647e381df43552fb29d2b2107f3f8 100644 (file)
--- a/archival/tar.c
+++ b/archival/tar.c
@@ -23,6 +23,25 @@
   * Licensed under GPLv2 or later, see file LICENSE in this source tree.
   */
  
+/* TODO: security with -C DESTDIR option can be enhanced.
+ * Consider tar file created via:
+ * $ tar cvf bug.tar anything.txt
+ * $ ln -s /tmp symlink
+ * $ tar --append -f bug.tar symlink
+ * $ rm symlink
+ * $ mkdir symlink
+ * $ tar --append -f bug.tar symlink/evil.py
+ *
+ * This will result in an archive which contains:
+ * $ tar --list -f bug.tar
+ * anything.txt
+ * symlink
+ * symlink/evil.py
+ *
+ * Untarring it puts evil.py in '/tmp' even if the -C DESTDIR is given.
+ * This doesn't feel right, and IIRC GNU tar doesn't do that.
+ */
+
  #include <fnmatch.h>
  #include "libbb.h"
  #include "archive.h"
author	Denys Vlasenko <vda.linux@googlemail.com>
	Tue, 4 Jan 2011 07:46:26 +0000 (08:46 +0100)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Tue, 4 Jan 2011 07:46:26 +0000 (08:46 +0100)