emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tar: postpone creation of symlinks with "suspicious" targets. Closes 8411

Browse Source 
function                                             old     new   delta
data_extract_all                                     968    1038     +70
tar_main                                             952     986     +34
scan_tree                                            258     262      +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 108/0)             Total: 108 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko
2017-07-24 17:20:13 +02:00
parent c810978552
commit b920a38dc0
6 changed files with 130 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
archival/tar_symlink_attack Executable file
View File

@@ -0,0 +1,16 @@
#!/bin/sh
# Makes "symlink attack" tarball (needs GNU tar for --append)
true >anything.txt
tar cvf tar_symlink_attack.tar anything.txt
rm anything.txt
ln -s /tmp symlink
tar --append -f tar_symlink_attack.tar symlink
rm symlink
mkdir symlink
echo BUG >symlink/bb_test_evilfile
tar --append -f tar_symlink_attack.tar symlink/bb_test_evilfile
rm symlink/bb_test_evilfile
rmdir symlink