tar and /

Jason Hellenthal jhellenthal at dataix.net
Thu Oct 9 00:48:57 UTC 2014


Damn! I thought we were past this issue long ago using relative paths instead of absolute paths. Wonder whatever happened to that standard of safety. Unless I am mistaking one thing for another.

Symbolic links obviously should not be starting with "/". 

Hard links on the other hand should be broken once inside a tar file and no longer referencing a previous inode. So if I understand this correctly this is what you are seeing?

On another note from this ... I was by aware hard links could be created to anything but files ... ? So I'm confused here ?

-- 
 Jason Hellenthal
 Mobile: +1 (616) 953-0176
 jhellenthal at DataIX.net
 JJH48-ARIN

On Oct 8, 2014, at 01:24, Daniel Braniss <danny at cs.huji.ac.il> wrote:

A fact that I did not mention:
   the tar file is created by ports when requesting ‘package’, it now adds
       /usr/local
making extraction difficult for those that use nfs/amd for /usr/local
(the solution is to extract the files in /var/tmp, and re-taring without the /usr/local :-)

to my surprise, even though tar complains that it can’t do the link to /
it actually does the link!!
notice that I mentioned ‘link’, not symlink! which of course brings the question why some ports insist
on link, and not symlink is beyond me.

thanks
   danny

> On Oct 7, 2014, at 5:35 PM, Jason Hellenthal <jhellenthal at dataix.net> wrote:
> 
> From tar(1)
> 
>    o       Archive entries can exploit symbolic links to restore files to other directories.
>            An archive can restore a symbolic link to another directory, then use that link to
>            restore a file into that directory.  To guard against this, tar checks each
>            extracted path for symlinks.  If the final path element is a symlink, it will be
>            removed and replaced with the archive entry.  If -U is specified, any intermediate
>            symlink will also be unconditionally removed.  If neither -U nor -P is specified,
>            tar will refuse to extract the entry.
> 
> With that stated you might want to roll through your filesystem with symlinks(1) [sysutils/symlinks]. Use of this to shorten, remove dangling etc..
> 
> DESCRIPTION
>      symlinks  is a useful utility for maintainers of FTP sites, CDROMs, and
>      Linux software distributions.  It scans directories for symbolic  links
>      and lists them on stdout, often revealing flaws in the filesystem tree.
> 
>      Each link is output with a classification of relative,  absolute,  dan-
>      gling, messy, lengthy, or other_fs.
> 
>      relative  links  are those expressed as paths relative to the directory
>      in which the links reside, usually independent of the  mount  point  of
>      the filesystem.
> 
>      absolute links are those given as an absolute path from the root direc-
>      tory as indicated by a leading slash (/).
> 
>      dangling links are those for which the target of the link does not cur-
>      rently  exist.  This commonly occurs for absolute links when a filesys-
>      tem is mounted at other than its customary mount point  (such  as  when
>      the normal root filesystem is mounted at /mnt after booting from alter-
>      native media).
> 
>      messy links are links which contain unnecessary slashes or dots in  the
>      path.  These are cleaned up as well when -c is specified.
> 
>      lengthy links are links which use "../" more than necessary in the path
>      (eg.  /bin/vi -> ../bin/vim) These are only detected when -s is  speci-
>      fied, and are only cleaned up when -c is also specified.
> 
>      other_fs  are those links whose target currently resides on a different
>      filesystem from where symlinks was run (most useful with -r ).
> 
> Hope this helps.
> 
>> On Oct 7, 2014, at 1:44, Daniel Braniss <danny at cs.huji.ac.il> wrote:
>> 
>> hi,Ian Lepore <ian at FreeBSD.org>
>> for security reasons tar removes the leading /, which is fine.
>> so I can chdir to /var/tmp, and do an extract there. The problem arises when there
>> is a file that is linked to /…
>> Is there some way to drop that leading ‘/’ too?
>> 
>> cheers,
>> 
> 
> -- 
> Jason Hellenthal
> Mobile: +1 (616) 953-0176
> jhellenthal at DataIX.net
> JJH48-ARIN
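
An added example, not part of the thread and not code from tar or the ports tree: a Python audit to run on an archive before extracting it into a scratch directory such as /var/tmp. It covers the case discussed above, where the leading / is stripped from member names but a hard link's target is still absolute, and goes slightly further by also checking symlink targets and `..` components. The member names in the sample archive are constructed.

```python
import io
import posixpath
import tarfile


def escapes(base_dir, target):
    """True if target, resolved from base_dir under the extraction root, leaves that root."""
    if target.startswith("/"):
        return True
    resolved = posixpath.normpath(posixpath.join(base_dir, target))
    return resolved == ".." or resolved.startswith("../")


def audit_tar(fileobj):
    """Return (member, problem) pairs, in archive order, for entries that reach outside."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        for m in tf.getmembers():
            name = m.name.lstrip("/")  # member name once the leading / is stripped
            if escapes("", name):
                findings.append((m.name, "member path"))
            if m.islnk() and escapes("", m.linkname):  # hard link: target is a path from the root
                findings.append((m.name, "hard link target " + m.linkname))
            elif m.issym() and escapes(posixpath.dirname(name), m.linkname):
                findings.append((m.name, "symlink target " + m.linkname))  # relative to link dir
    return findings


def build_sample():
    """Constructed archive for this example; every name in it is made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        data = b"#!/bin/sh\n"
        f = tarfile.TarInfo("/usr/local/bin/example")
        f.size = len(data)
        tf.addfile(f, io.BytesIO(data))
        for name, kind, target in [
            ("/usr/local/bin/example-hl", tarfile.LNKTYPE, "/usr/local/bin/example"),
            ("/usr/local/bin/example-ok", tarfile.LNKTYPE, "usr/local/bin/example"),
            ("/usr/local/lib/cur", tarfile.SYMTYPE, "../bin/example"),
            ("/usr/local/lib/abs", tarfile.SYMTYPE, "/usr/local/share/example"),
        ]:
            link = tarfile.TarInfo(name)
            link.type, link.linkname = kind, target
            tf.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, problem in audit_tar(build_sample()):
        print(f"{member}: {problem}")
```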
