List: busybox-cvs
Subject: [Bug 8411] Directory traversal via crafted tar file which contains a symlink pointing outside of the
From: bugzilla () busybox ! net
Date: 2015-11-10 0:53:14
Message-ID: 20151110005314.3AC1181E7F () busybox ! osuosl ! org
https://bugs.busybox.net/show_bug.cgi?id=8411
--- Comment #11 from Tyler Hicks <tyhicks@canonical.com> 2015-11-10 00:53:13 UTC ---
(In reply to comment #0)
> I took a quick look at how GNU tar handles such situations. If the symlink
> target is absolute or contains a ".." component, they create a regular file as
> a placeholder. After all other files have been extracted, the placeholder files
> are replaced with the originally intended symlinks.
>
> (That is also how they handle hardlink extraction but I don't see any support
> for LNKTYPE files in busybox tar.)

I was wrong about hardlinks. They're supported in busybox's libarchive and
they're also vulnerable. From archival/libarchive/data_extract_all.c:

    /* Handle hard links separately
     * We encode hard links as regular files of size 0 with a symlink */
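
The condition described in the quoted comment (a link whose target is absolute or contains a ".." component is deferred), applied to both symlink and hardlink entries, as an added example that is not part of the original message and is not busybox or GNU tar code. The function names are hypothetical; '1' and '2' are the ustar typeflag values for LNKTYPE and SYMTYPE.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { TAR_LNKTYPE = '1', TAR_SYMTYPE = '2' };  /* ustar typeflag values */

/* Hypothetical helper: true when a link target taken from a tar header is
 * absolute or has an exact ".." path component. */
bool link_target_needs_deferral(const char *target)
{
    if (target == NULL || target[0] == '\0')
        return false;                   /* no target to resolve */
    if (target[0] == '/')
        return true;                    /* absolute target */

    const char *p = target;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;                /* "..", but not "..x" or "x.." */
        p += len;
        while (*p == '/')               /* skip repeated separators */
            p++;
    }
    return false;
}

/* Hypothetical helper: the same test for hardlink and symlink entries,
 * since the message reports that both entry types are affected. */
bool entry_needs_deferral(char typeflag, const char *linkname)
{
    if (typeflag != TAR_LNKTYPE && typeflag != TAR_SYMTYPE)
        return false;
    return link_target_needs_deferral(linkname);
}

int main(void)
{
    /* Constructed sample link targets, not taken from a real archive. */
    const char *samples[] = { "/etc/passwd", "../../etc/passwd", "a/../b",
                              "dir/file", "..hidden/file", "a//.." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               entry_needs_deferral(TAR_SYMTYPE, samples[i]) ? "defer" : "ok");
    return 0;
}
```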