2 issues with tar
Denys Vlasenko
vda.linux at googlemail.com
Wed Mar 2 00:34:12 UTC 2011
On Wednesday 02 March 2011 00:58, Denys Vlasenko wrote:
> On Tuesday 01 March 2011 21:14, Alexander Shishkin wrote:
> > On 1 March 2011 18:18, Denys Vlasenko <vda.linux at googlemail.com> wrote:
> > > On Monday 28 February 2011 09:23, Alexey Soloviev wrote:
> > >> Hello,
> > >> Met 2 problems with tar and wander if they are new or known.
> > >>
> > >> Issue 1: tar doesn't restore files or directories added with relative
> > >> name starting with "../"
> > >> Scenario:
> > >> busybox tar -c -f archive.tar ../tobearchived
> > >> busybox tar -xf archive.tar
> > >> tar: name with '..' encountered: '../tobearchived'
> > >>
> > >> Gnu tar removes ../ from paths of archived files and directories, while
> > >> busybox's tar doesn't.
> > >> Should it be fixed?
> > >> Note that archive created by busybox tar on the 1st step can be restored
> > >> by gnu tar but not by busybox's.
> > >
> > > Proposed patch.
> >
> > This doesn't address the archive creation case, in which GNU tar would strip
> > the /../ just as well.
>
> Doesn't look like it's worth fixing, since unpacking code must be prepared
> to see malicious tarballs anyway.
Hmm... it turned out that fixing it actually decreased code size.
I committed the fix to git:
http://git.busybox.net/busybox/commit/?id=b80acf58f16339078da5cbee88a322f2450aa2ad
Thanks!
--
vda
More information about the busybox
mailing list