[Ilugc] TAR security

• From: masatran@xxxxxxxxxxxxxxxxxxx (Masatran, R. Deepak)
• Date: Sat Jul 5 15:46:19 2008

* Arun Khan <knura@xxxxxxxxx> 2008-07-03

(3) What if it violates the Unix convention of extracting 
the contents in a sub-directory?

Then you have a compromised version of tar.  This could happen with any 
command e.g. a compromised rm could wipe out your system (presuming 
that you are doing this with root privilege)

It is the responsibility of the archive creator to follow the convention.
What if the archive was created from within the directory, ie, what if:

    cd foo && tar -cf ../foo.tar *

was used? The above command is perfectly legal, the problem with it is that
it violates the convention. The correct command is:

    tar -cf foo.tar foo

Malicious tricks are also possible: For example, if I am extracting
something in my home directory, what if the archive overwrote .bash_profile
or .bashrc ?

-- 
Masatran, R. Deepak <http://research.iiit.ac.in/~masatran/>

• References:
  • [Ilugc] TAR security
    • From: Masatran, R. Deepak
  • [Ilugc] TAR security
    • From: Arun Khan

Other related posts:

• » [Ilugc] TAR security- Masatran, R. Deepak
• » [Ilugc] TAR security- Arun Khan
• » [Ilugc] TAR security- Kapil Hari Paranjape
• » [Ilugc] TAR security - Masatran, R. Deepak
• » [Ilugc] TAR security- Kapil Hari Paranjape

1. Home
2. ilugc
3. Archive
4. 07-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---