
Re: tar deletes symlink on extract (fwd)



---------- Forwarded message ----------
Received: from alcor.twinsun.com ([198.147.65.9])
	by yakko.doogie.org with esmtp (Exim 3.12 #1 (Debian))
	id 12lhBU-0000O3-00
	for <adam@doogie.org>; Sat, 29 Apr 2000 19:02:04 -0500
Received: from green-office.twinsun.com ([192.54.239.71]) by
    alcor.twinsun.com (8.9.3/8.9.3) with ESMTP id RAA20041; Sat,
     29 Apr 2000 17:00:30 -0700 (PDT)
Received: (eggert@localhost) by green-office.twinsun.com (8.9.3+Sun/8.9.3)
    id RAA03895; Sat, 29 Apr 2000 17:00:30 -0700 (PDT)
Date: Sat, 29 Apr 2000 17:00:30 -0700 (PDT)
From: Paul Eggert <eggert@twinsun.com>
Message-Id: <200004300000.RAA03895@green-office.twinsun.com>
To: bdale@gag.com
CC: bug-tar@gnu.org, 63161-forwarded@bugs.debian.org, adam@doogie.org
In-reply-to: <20000429230237.9A96C1EA73@rover.gag.com> (bdale@gag.com)
Subject: Re: tar deletes symlink on extract
References:  <20000429230237.9A96C1EA73@rover.gag.com>

   Date: Thu, 27 Apr 2000 12:34:55 -0500 (CDT)
   From: Adam Heath <adam@doogie.org>

   It changed the symlink to a dir, and broke my system.
   Granted, this is easy to fix, but this is very bad.

tar's behavior is needed to avoid a security bug where an intruder
plants a symbolic link to a victim file just before root (or some
other user) uses tar to extract a file with the same name as the
victim file.  tar can't tell the difference between your
/usr->mount/usr symlink and an intruder's symlink.

Sorry about the behavior change, but I couldn't see any other way to
plug the security hole.  The security hole is apparently a real
problem in practice: I've gotten multiple bug reports about it, and am
still getting reports about older versions.

To work around the problem, use the --overwrite option of tar 1.13.16
or later; this restores the old, insecure behavior.  For more details,
please see tar's NEWS file.


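The race Paul describes above, shown in code. This is an added example, not part of the original message and not GNU tar's own code: it reimplements the two extraction policies by hand rather than calling tar, so that the mechanism is visible regardless of which tar is installed. The archive member name `config`, the file `victim.txt`, the directory layout and the function names are all constructed for the demonstration, and it assumes a POSIX filesystem on which an unprivileged intruder can create a symlink in the extraction directory. `extract_overwrite` does what the old behaviour (and `--overwrite`) does: it opens the destination path for writing in place, so a planted symlink redirects the write to the victim file. `extract_unlink_first` does what the message says newer tar does by default: it removes whatever is in the way without resolving it, then creates the file with `O_EXCL`, so the victim is untouched and the link is replaced by a regular file.

```python
"""Symlink clobbering on archive extraction: the two policies side by side.

Constructed scenario (not from the original message): an archive member
named "config" is extracted into a directory where an intruder has already
planted "config" as a symlink to a victim file outside that directory.
"""
import io
import os
import tarfile
import tempfile


def build_archive(member_name: str, payload: bytes) -> bytes:
    """Return an in-memory tar archive holding one regular-file member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(member_name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def extract_overwrite(archive: bytes, dest_dir: str) -> None:
    """Old / --overwrite policy: write into the existing path in place.

    open(path, "wb") resolves a symlink sitting at `path`, so a planted link
    turns the extraction into a write to whatever the link points at.
    """
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isreg():
                continue
            path = os.path.join(dest_dir, member.name)
            with open(path, "wb") as out:  # follows the symlink: the hole
                out.write(tar.extractfile(member).read())


def extract_unlink_first(archive: bytes, dest_dir: str) -> None:
    """Unlink-first policy (tar's default per the message above).

    Anything that is not a real directory is removed without being resolved,
    then the file is created with O_EXCL so that a link re-planted between
    the unlink and the open fails with EEXIST instead of being followed.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)  # belt and braces where available
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isreg():
                continue
            path = os.path.join(dest_dir, member.name)
            # lexists/islink look at the path itself, never its target.
            if os.path.lexists(path) and (os.path.islink(path)
                                          or not os.path.isdir(path)):
                os.unlink(path)
            fd = os.open(path, flags, 0o644)
            with os.fdopen(fd, "wb") as out:
                out.write(tar.extractfile(member).read())


def demo() -> dict:
    """Run both policies against a freshly planted link.

    Returns, per policy, the victim file's contents afterwards and whether
    the extraction path is still a symlink.
    """
    archive = build_archive("config", b"attacker-controlled\n")
    results = {}
    for name, policy in (("overwrite", extract_overwrite),
                         ("unlink_first", extract_unlink_first)):
        with tempfile.TemporaryDirectory() as root:
            victim = os.path.join(root, "victim.txt")
            with open(victim, "wb") as f:
                f.write(b"original contents\n")
            dest = os.path.join(root, "extract")
            os.mkdir(dest)
            # The intruder's move: dest/config -> victim.txt, planted just
            # before the privileged user runs the extraction.
            os.symlink(victim, os.path.join(dest, "config"))
            policy(archive, dest)
            with open(victim, "rb") as f:
                victim_after = f.read()
            results[name] = {
                "victim": victim_after,
                "dest_is_symlink": os.path.islink(os.path.join(dest, "config")),
            }
    return results


if __name__ == "__main__":
    for policy_name, outcome in demo().items():
        print(policy_name, outcome)
```

The check that matters is the difference between `lexists`/`islink`/`unlink` (which operate on the link itself) and `open(path, "wb")` (which operates on the link's target); `O_EXCL` on the create closes the window between the unlink and the open, which a plain remove-then-`open("wb")` would leave open.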