Date:      Wed, 8 Oct 2014 19:48:52 -0500
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        Daniel Braniss <danny@cs.huji.ac.il>
Cc:        "hackers@freebsd.org" <hackers@freebsd.org>, Ian Lepore <ian@FreeBSD.org>
Subject:   Re: tar and /
Message-ID:  <221B7CFC-4AE2-4DAF-9E6E-565715B87172@dataix.net>
In-Reply-To: <EF765340-81BE-4461-8DF4-5CAC4F5DDCD7@cs.huji.ac.il>
References:  <ED20B859-CDFF-4205-B7A9-A1A86AAAE1D9@cs.huji.ac.il> <FD9D0411-6043-4AAD-8EE4-6277EFBB0900@dataix.net> <EF765340-81BE-4461-8DF4-5CAC4F5DDCD7@cs.huji.ac.il>


Damn! I thought we were past this issue long ago, using relative paths instead of absolute paths. Wonder whatever happened to that standard of safety. Unless I am mistaking one thing for another.

Symbolic links obviously should not be starting with "/". 

Hard links, on the other hand, should be broken once inside a tar file and no longer referencing a previous inode. So if I understand this correctly, this is what you are seeing?

On another note from this ... I was by aware hard links could be created to anything but files ... ? So I'm confused here ?

-- 
 Jason Hellenthal
 Mobile: +1 (616) 953-0176
 jhellenthal@DataIX.net
 JJH48-ARIN

On Oct 8, 2014, at 01:24, Daniel Braniss <danny@cs.huji.ac.il> wrote:

A fact that I did not mention:
   the tar file is created by ports when requesting ‘package’, it now adds
       /usr/local
making extraction difficult for those that use nfs/amd for /usr/local
(the solution is to extract the files in /var/tmp, and re-tarring without the /usr/local :-)

to my surprise, even though tar complains that it can’t do the link to /
it actually does the link!!
notice that I mentioned ‘link’, not symlink! which of course brings the question why some ports insist
on link, and not symlink is beyond me.

thanks
   danny

> On Oct 7, 2014, at 5:35 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:
> 
> From tar(1)
> 
>    o       Archive entries can exploit symbolic links to restore files to other directories.
>            An archive can restore a symbolic link to another directory, then use that link to
>            restore a file into that directory.  To guard against this, tar checks each
>            extracted path for symlinks.  If the final path element is a symlink, it will be
>            removed and replaced with the archive entry.  If -U is specified, any intermediate
>            symlink will also be unconditionally removed.  If neither -U nor -P is specified,
>            tar will refuse to extract the entry.
> 
> With that stated you might want to roll through your filesystem with symlinks(1) [sysutils/symlinks]. Use of this to shorten, remove dangling etc.
> 
> DESCRIPTION
>      symlinks  is a useful utility for maintainers of FTP sites, CDROMs, and
>      Linux software distributions.  It scans directories for symbolic  links
>      and lists them on stdout, often revealing flaws in the filesystem tree.
> 
>      Each link is output with a classification of relative,  absolute,  dan-
>      gling, messy, lengthy, or other_fs.
> 
>      relative  links  are those expressed as paths relative to the directory
>      in which the links reside, usually independent of the  mount  point  of
>      the filesystem.
> 
>      absolute links are those given as an absolute path from the root direc-
>      tory as indicated by a leading slash (/).
> 
>      dangling links are those for which the target of the link does not cur-
>      rently  exist.  This commonly occurs for absolute links when a filesys-
>      tem is mounted at other than its customary mount point  (such  as  when
>      the normal root filesystem is mounted at /mnt after booting from alter-
>      native media).
> 
>      messy links are links which contain unnecessary slashes or dots in  the
>      path.  These are cleaned up as well when -c is specified.
> 
>      lengthy links are links which use "../" more than necessary in the path
>      (eg.  /bin/vi -> ../bin/vim) These are only detected when -s is  speci-
>      fied, and are only cleaned up when -c is also specified.
> 
>      other_fs  are those links whose target currently resides on a different
>      filesystem from where symlinks was run (most useful with -r ).
> 
> Hope this helps.
> 
>> On Oct 7, 2014, at 1:44, Daniel Braniss <danny@cs.huji.ac.il> wrote:
>> 
>> hi,
>> for security reasons tar removes the leading /, which is fine.
>> so I can chdir to /var/tmp, and do an extract there. The problem arises when there
>> is a file that is linked to /…
>> Is there some way to drop that leading ‘/’ too?
>> 
>> cheers,
>> 
> 
> -- 
> Jason Hellenthal
> Mobile: +1 (616) 953-0176
> jhellenthal@DataIX.net
> JJH48-ARIN
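
An added example, not part of the original thread and not code from tar or the ports tree: a Python check that lists an archive's entries before extraction and flags hard links and symlinks whose targets are absolute or climb out of the extraction directory, the case discussed above. The archive is constructed in memory, and `audit_links` and `build_sample` are hypothetical names.

```python
import io
import posixpath
import tarfile

def audit_links(tar_bytes):
    """Return (member, kind, target, reason) for entries that need review."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf:
            if m.name.startswith("/"):
                findings.append((m.name, "path", "", "absolute member path"))
            if not (m.islnk() or m.issym()):
                continue
            kind = "hardlink" if m.islnk() else "symlink"
            if m.linkname.startswith("/"):
                findings.append((m.name, kind, m.linkname, "absolute link target"))
                continue
            # Hard link targets are archive-relative paths; symlink targets
            # resolve relative to the directory that holds the link.
            base = "" if m.islnk() else posixpath.dirname(m.name)
            resolved = posixpath.normpath(posixpath.join(base, m.linkname))
            if resolved == ".." or resolved.startswith("../"):
                findings.append((m.name, kind, m.linkname,
                                 "target escapes extraction directory"))
    return findings

def build_sample():
    """Constructed archive: a file, a hard link with an absolute target,
    a relative symlink, and a symlink that climbs out of the tree."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        data = b"#!/bin/sh\n"
        f = tarfile.TarInfo("usr/local/bin/tool")
        f.size = len(data)
        tf.addfile(f, io.BytesIO(data))
        for name, typ, target in [
            ("usr/local/bin/tool-hard", tarfile.LNKTYPE, "/usr/local/bin/tool"),
            ("usr/local/bin/tool-sym", tarfile.SYMTYPE, "tool"),
            ("usr/local/etc/up", tarfile.SYMTYPE, "../../../../etc"),
        ]:
            link = tarfile.TarInfo(name)
            link.type = typ
            link.linkname = target
            tf.addfile(link)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_links(build_sample()):
        print(*finding, sep="\t")
```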
