[Stable 7] CPIO breakage/
Sean
sean at gothic.net.au
Thu Jun 17 21:54:21 UTC 2010
On 18/06/2010 6:53 AM, Peter Jeremy wrote:
> On 2010-Jun-15 17:22:50 -0700, Xin LI <delphij at delphij.net> wrote:
>> On 2010/06/15 17:05, Sean Bruno wrote:
>>> A little more background. It looks like symlinks are getting stripped
>>> of their '/' which sucks. Ideas?
> ...
>>> e.g. /home/foo/bar -> /opt/baz/blob
>>>
>>> becomes
>>>
>>> home/foo/bar -> opt/baz/blob
>>>
>>> Yuck.
>>
>> This is a security measurement I think.
>
> Can someone please explain how stripping a leading '/' off the
> destination of a symlink enhances security? The destination is
> not being written to.
>
Easy.
Create a symlink etc, to /etc
Create a file etc/passwd containing whatever you want.
Of course, a better way to deal with that is to chroot, seeing you could
probably use ../../../../../../../../../../../../.../../../../etc
instead of /etc and get the same effect, and I don't know that tar tries
to prevent that; tar has the --chroot option.
>> --absolute-filenames disables this behavior.
>
> This definitely reduces security and would seem to be far more
> dangerous than being able to create symlinks to absolute pathnames.
>
--
Sean Winn
sean at gothic.net.au
More information about the freebsd-stable
mailing list