Date: Fri, 21 May 2004 12:10:39 -0700
From: Tim Kientzle
To: Pete Carah
cc: current@freebsd.org
Subject: Re: Tar problem

Pete Carah wrote:
> When I unpack the ports collection, the symlink
> has been overwritten with the real directory

This is deliberate; bsdtar does essentially the same thing.
With bsdtar, -P will prevent this behavior.
(In bsdtar, -P means "leave my (P)athnames alone, damnit!" ;-)
I don't know if there's any way to prevent this behavior with gtar.

If you have a recent -CURRENT system, read the "SECURITY" section
of bsdtar.1 to understand why the default is what it is.
It's a matter of POLA, not POSIX, coupled with a growing awareness
that there are malicious people out there trying to trick people
into doing unpleasant things.

I'm not sure about gtar, but bsdtar does the symlink check always
starting from the current directory, so you could chdir to the
other disk, extract, then possibly adjust things afterwards.

Tim Kientzle

P.S.  Here's the "SECURITY" section from bsdtar.1, for those
who haven't been tracking -CURRENT recently:

SECURITY
     Certain security issues are common to many archiving programs,
     including bsdtar.  In particular, carefully-crafted archives can
     request bsdtar to extract files to locations outside of the target
     directory.  This can potentially be used to cause unwitting users to
     overwrite files they did not intend to overwrite.  If the archive is
     being extracted by the superuser, any file on the system can
     potentially be overwritten.  There are three ways this can happen.
     Although bsdtar has mechanisms to protect against each one, savvy
     users should be aware of the implications:

     o   Archive entries can have absolute pathnames.  By default, bsdtar
         removes the leading / character from filenames before restoring
         them to guard against this problem.

     o   Archive entries can have pathnames that include .. components.
         By default, bsdtar will not extract files containing ..
         components in their pathname.

     o   Archive entries can exploit symbolic links to restore files to
         other directories.  An archive can restore a symbolic link to
         another directory, then use that link to restore a file into
         that directory.  To guard against this, bsdtar checks each
         extracted path for symlinks.  If the final path element is a
         symlink, it will be removed and replaced with the archive entry.
         If -U is specified, any intermediate symlink will also be
         unconditionally removed.  If neither -U nor -P is specified,
         bsdtar will refuse to extract the entry.

     To protect yourself, you should be wary of any archives that come
     from untrusted sources.
     You should examine the contents of an archive with
     bsdtar -tf filename before extraction.  You should use the -k option
     to ensure that bsdtar will not overwrite any existing files or the
     -U option to remove any pre-existing files.  You should generally
     not extract archives while running with super-user privileges.  Note
     that the -P option to bsdtar disables the security checks above and
     allows you to extract an archive while preserving any absolute
     pathnames, .. components, or symlinks to other directories.
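
The pre-extraction review recommended in the SECURITY text can be scripted. The following is an added example, not part of the original message and not bsdtar's own code: it uses Python's tarfile module to flag the three cases listed above. The function names and the sample archive contents are constructed for illustration.

```python
import io
import tarfile

def audit_members(tar):
    """Return (name, reason) pairs for entries matching the three cases."""
    findings = []
    symlinks = set()  # paths restored as symlinks by earlier entries
    for member in tar:
        name = member.name
        parts = [p for p in name.split("/") if p not in ("", ".")]
        if name.startswith("/"):
            findings.append((name, "absolute pathname"))
        if ".." in parts:
            findings.append((name, ".. component"))
        # Only symlinks created by the archive itself are visible here;
        # symlinks already on disk need the extraction-time check.
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in symlinks:
                findings.append((name, "extracts through symlink " + prefix))
                break
        if member.issym():
            symlinks.add("/".join(parts))
    return findings

def build_sample():
    """Constructed archive: one benign entry plus one entry per case."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, link=None):
            info = tarfile.TarInfo(name)
            if link is None:
                info.size = 1
                tar.addfile(info, io.BytesIO(b"x"))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
        add("ports/README")
        add("/etc/motd")
        add("ports/../../escape")
        add("ports/distfiles", link="/mnt/otherdisk")
        add("ports/distfiles/foo.tar.gz")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    with tarfile.open(fileobj=build_sample()) as tar:
        for name, reason in audit_members(tar):
            print(f"{name}: {reason}")
```

An empty result only means the listing shows none of these three patterns; it does not replace the extraction-time symlink check described in the man page text.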