From owner-freebsd-stable@FreeBSD.ORG Thu Jun 17 21:54:21 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB13F1065675 for ; Thu, 17 Jun 2010 21:54:21 +0000 (UTC) (envelope-from sean@gothic.net.au) Received: from visi.gothic.net.au (visi.gothic.net.au [115.64.131.102]) by mx1.freebsd.org (Postfix) with ESMTP id DA8498FC08 for ; Thu, 17 Jun 2010 21:54:18 +0000 (UTC) Received: from visi.gothic.net.au (localhost [127.0.0.1]) by visi.gothic.net.au (Postfix) with ESMTP id 1E3DA2B6D2 for ; Fri, 18 Jun 2010 07:54:14 +1000 (EST) X-Virus-Scanned: amavisd-new at gothic.net.au Received: from localhost ([127.0.0.1]) by visi.gothic.net.au (visi.gothic.net.au [127.0.0.1]) (amavisd-new, port 10026) with SMTP id 7FYD3EsGtadL for ; Fri, 18 Jun 2010 07:54:09 +1000 (EST) Received: from [10.168.1.181] (dhcp181.gothic.net.au [10.168.1.181]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: sean) by visi.gothic.net.au (Postfix) with ESMTPSA id 434FB2B6C3 for ; Fri, 18 Jun 2010 07:54:09 +1000 (EST) Message-ID: <4C1A9989.3090507@gothic.net.au> Date: Fri, 18 Jun 2010 07:54:17 +1000 From: Sean User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <1276639800.2462.80.camel@localhost.localdomain> <1276646707.2462.82.camel@localhost.localdomain> <4C18195A.3020501@delphij.net> <20100617205302.GA60347@server.vk2pj.dyndns.org> In-Reply-To: <20100617205302.GA60347@server.vk2pj.dyndns.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Stable 7] CPIO breakage/ X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jun 2010 21:54:21 -0000 On 18/06/2010 6:53 AM, Peter Jeremy wrote: > On 2010-Jun-15 17:22:50 -0700, Xin LI wrote: >> On 2010/06/15 17:05, Sean Bruno wrote: >>> A little more background. It looks like symlinks are getting stripped >>> of their '/' which sucks. Ideas? > ... >>> e.g. /home/foo/bar -> /opt/baz/blob >>> >>> becomes >>> >>> home/foo/bar -> opt/baz/blob >>> >>> Yuck. >> >> This is a security measurement I think. > > Can someone please explain how stripping a leading '/' off the > destination of a symlink enhances security? The destination is > not being written to. > Easy. Create a symlink etc, to /etc Create a file etc/passwd containing whatever you want. Of course, a better way to deal with that is to chroot, seeing you could probably use ../../../../../../../../../../../../.../../../../etc instead of /etc and get the same effect, and I don't know that tar tries to prevent that; tar has the --chroot option. >> --absolute-filenames disables this behavior. > > This definitely reduces security and would seem to be far more > dangerous than being able to create symlinks to absolute pathnames. > -- Sean Winn sean@gothic.net.au