[Bug 8411] Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
bugzilla at busybox.net
Tue Nov 10 00:53:14 UTC 2015
https://bugs.busybox.net/show_bug.cgi?id=8411
--- Comment #11 from Tyler Hicks <tyhicks at canonical.com> 2015-11-10 00:53:13 UTC ---
(In reply to comment #0)
> I took a quick look at how GNU tar handles such situations. If the symlink
> target is absolute or contains a ".." component, they create a regular file as
> a placeholder. After all other files have been extracted, the placeholder files
> are replaced with the originally intended symlinks.
>
> (That is also how they handle hardlink extraction but I don't see any support
> for LNKTYPE files in busybox tar.)
I was wrong about hardlinks. They're supported in busybox's libarchive and
they're also vulnerable. From archival/libarchive/data_extract_all.c:
    /* Handle hard links separately
     * We encode hard links as regular files of size 0 with a symlink */
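Added example, not part of the original message and not busybox or GNU tar code: a component-aware version of the test described in the quoted comment (link target is absolute or contains a ".." component), applied to both symlink and hard link entries since the reply notes hard links are affected too. The function names and sample entries are hypothetical and constructed for illustration; the typeflag values are the standard ustar ones.

```c
#include <stdio.h>
#include <string.h>

/* ustar typeflag values: '1' = hard link (LNKTYPE), '2' = symlink (SYMTYPE) */
#define TAR_LNKTYPE '1'
#define TAR_SYMTYPE '2'

/* Returns 1 if the link target is absolute or has a ".." path component. */
int link_target_escapes(const char *target)
{
    const char *p = target;

    if (*p == '/')
        return 1;
    while (*p) {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;                      /* exact "..", not "..data" */
        p += len;
        while (*p == '/')                  /* skip one or more separators */
            p++;
    }
    return 0;
}

/* Hypothetical policy hook: should creating this entry's link be postponed
 * (placeholder file now, real link after all other members are extracted)? */
int entry_needs_deferral(char typeflag, const char *linkname)
{
    if (typeflag != TAR_LNKTYPE && typeflag != TAR_SYMTYPE)
        return 0;                          /* not a link entry */
    return link_target_escapes(linkname);
}

int main(void)
{
    /* Constructed sample entries: typeflag plus link target */
    static const struct { char type; const char *target; } samples[] = {
        { '2', "/etc" }, { '2', "../../tmp" }, { '2', "lib/..data" },
        { '1', "a/../../b" }, { '1', "docs/readme" }, { '0', "../x" },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("type %c -> %-12s : %s\n", samples[i].type, samples[i].target,
               entry_needs_deferral(samples[i].type, samples[i].target)
                   ? "defer" : "create now");
    return 0;
}
```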