From: Denys Vlasenko Date: Tue, 4 Jan 2011 07:46:26 +0000 (+0100) Subject: tar: add a note about -C and symlink-in-tarball attack X-Git-Tag: 1_19_0~419 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a116552869db5e7793ae10968eb3c962c69b3d8c;p=oweals%2Fbusybox.git tar: add a note about -C and symlink-in-tarball attack Signed-off-by: Denys Vlasenko --- diff --git a/archival/tar.c b/archival/tar.c index ebaa965c0..813f86e82 100644 --- a/archival/tar.c +++ b/archival/tar.c @@ -23,6 +23,25 @@ * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +/* TODO: security with -C DESTDIR option can be enhanced. + * Consider tar file created via: + * $ tar cvf bug.tar anything.txt + * $ ln -s /tmp symlink + * $ tar --append -f bug.tar symlink + * $ rm symlink + * $ mkdir symlink + * $ tar --append -f bug.tar symlink/evil.py + * + * This will result in an archive which contains: + * $ tar --list -f bug.tar + * anything.txt + * symlink + * symlink/evil.py + * + * Untarring it puts evil.py in '/tmp' even if the -C DESTDIR is given. + * This doesn't feel right, and IIRC GNU tar doesn't do that. + */ + #include #include "libbb.h" #include "archive.h"