Re: RE: Is FreeBSD's tar susceptible to this?

From: f.johan.beisser (jan@caustic.org)
Date: 10/02/02

• Next message: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Previous message: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• In reply to: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Next in thread: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Reply: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 1 Oct 2002 16:07:31 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: Don Lewis <dl-freebsd@catspoiler.org>

On Tue, 1 Oct 2002, Don Lewis wrote:

> What if the tarball installs a symlink to / under the current directory
> followed by files that are unpacked underneath the symlink name? A
> simple fix for the initial problem mentioned in this thread isn't
> sufficient.

i don't believe that tar(1) will allow you to do that by default.

i know for a fact that OpenBSD won't do it by default, you have to specify
that you want it to follow symlinks:

     -L Follow all symlinks. In extract mode this means that a di-
        rectory entry in the archive will not overwrite an existing
        symbolic link, but rather what the link ultimately points
        to.

> This is hardly a new problem. Here's a 1998 BUGTRAQ message:

and, i believe that's been addressed aswell. should have been, considering
it's 4 years old now.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Brett Glass: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
• Previous message: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• In reply to: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Next in thread: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Reply: Don Lewis: "Re: RE: Is FreeBSD's tar susceptible to this?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [opensuse] Re:cClear as mud! Samba & symlinks (is broken in after 3.5.4)... ... whenever samba comes up. ... all that broke when the patch to disable wide links + unix extensions went in. ... Version 3.5.2 was immediately released to fix this. ... Then came 3.5.3 -- which also contained the fix for the above symlink 'attack' ... (SuSE) [PATCH 0/2]v2 configfs: symlink() fixes ... [applies on top of the previously submitted renamevs rmdirdeadlock fix] ... rmdir() fail in the symlink's parent and in the symlink's target as well. ... instantiate the new symlink in the VFS. ... configfs: Fix symlinkto a removing item ... (Linux-Kernel) Re: 2.6.19-rc3-mm1 -- missing network adaptors ... I think acpi is now being fingered here, ... The deprecated stuff does not fix it, ... Seems the directory -> symlink ... there is no userspace change. ... (Linux-Kernel) [PATCH][BUGFIX] configfs: Fix symlink() to a removing item ... the following patch fixes the symlink bug I mentioned a few days ago. ... [Applies on top of renamevs rmdirdeadlock fix patchset] ... rmdir fail: if symlinkraces with rmdirof the parent directory (or its ... (Linux-Kernel) Re: Where the heck is mailx ... Yeah I missed something. ... mailx is just a symlink to mail. ... But this doesn't really fix the problem I'm having now, which is my script doesn't run as mail requires a CTRL+D in order to send the message. ... (RedHat)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-10