Date: 12 Nov 2001 12:46:41 -0000
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: FreeBSD-gnats-submit@freebsd.org
Subject: gnu/31929: GNU Tar shipped with FreeBSD handles relative paths
Message-ID: <20011112124641.26756.qmail@lagoon.freebsd.lublin.pl>
>Number:         31929
>Category:       gnu
>Synopsis:       GNU Tar shipped with FreeBSD handles relative paths
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 12 04:50:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
czuby.net
>Environment:
System: FreeBSD lagoon.freebsd.lublin.pl 4.4-STABLE FreeBSD 4.4-STABLE #0: Sat Sep 15 12:00:15 CEST 2001 root@riget.scene.pl:/mnt/lagoon/usr/src/sys/compile/RIGET i386
>Description:
FreeBSD ships an old version of GNU Tar, which allows any file in the system to be overwritten when unpacking an archive. Additionally, Tar changes the permissions of the current directory to 0755 when unpacking a malformed archive containing ".". Both problems were fixed some time ago and the most recent version of GNU Tar is secure.

This problem can pose a security risk for mail anti-virus scanners.
>How-To-Repeat:
First problem:

riget:root:/tmp# touch /etc/test
riget:root:/tmp# tar -cf test.tar ../../../../../../etc/test
riget:root:/tmp# rm /etc/test
riget:root:/tmp# tar -xf test.tar
riget:root:/tmp# ls -la /etc/test
-rw-r--r--  1 root  wheel  0 12 Lis 13:43 /etc/test

Second problem:

riget:root:/tmp/dupa# tar -cvf test.tar .
./
tar: test.tar is the archive; not dumped
riget:root:/tmp/dupa# chmod 700 .
riget:root:/tmp/dupa# tar -xf test.tar
riget:root:/tmp/dupa# ls -ld .
drwxr-xr-x  2 root  wheel  512 12 Lis 13:44 .
>Fix:
Upgrade GNU Tar in the base system to the most recent version.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011112124641.26756.qmail>
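The two checks an extractor (or a mail scanner unpacking attachments) needs in order to be immune to both problems in the report, as an added example in Python; this is not code from the PR, from FreeBSD or from GNU tar. The archive is constructed in-memory with the same member names the How-To-Repeat uses plus one benign file; the function names and the temporary directory standing in for the scanner's work directory are this example's own choices.

```python
import io
import os
import shutil
import stat
import tarfile
import tempfile


def build_traversal_archive():
    """Constructed sample archive with the two member kinds from the PR plus one
    benign file: a name that climbs out of the extraction directory with "../",
    and a "." directory entry whose 0755 mode an old tar applied to the current
    directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        escape = tarfile.TarInfo("../../../../../../etc/test")
        escape.size = 0
        tar.addfile(escape, io.BytesIO(b""))

        dot = tarfile.TarInfo(".")
        dot.type = tarfile.DIRTYPE
        dot.mode = 0o755  # loosens a 0700 directory if honoured
        tar.addfile(dot)

        payload = b"harmless\n"
        benign = tarfile.TarInfo("safe.txt")
        benign.size = len(payload)
        tar.addfile(benign, io.BytesIO(payload))
    return buf.getvalue()


def unsafe_members(data, dest):
    """Return (name, reason) for every member a careful extractor must refuse.

    Each name is joined onto the resolved destination and resolved again before
    the comparison, so the decision rests on where the member would land, not on
    how the name is spelled.  "../" chains, absolute names (os.path.join drops
    the destination when the name starts with "/") and "." are all caught.
    """
    root = os.path.realpath(dest)
    refused = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                refused.append((m.name, "resolves outside the extraction directory"))
            elif m.isdir() and target == root:
                # The PR's second problem: a "." entry is a request to chmod the
                # directory we are extracting into.
                refused.append((m.name, "would set mode %o on the extraction directory" % m.mode))
    return refused


def extract_safely(data, dest):
    """Extract only the members unsafe_members() did not refuse; return their names."""
    refused = {name for name, _ in unsafe_members(data, dest)}
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            if m.name in refused:
                continue
            tar.extract(m, path=dest)
            extracted.append(m.name)
    return extracted


def demo():
    """Scan and unpack the constructed archive into a fresh 0700 directory, the
    way a scanner unpacking an attachment would, and report what happened."""
    data = build_traversal_archive()
    dest = tempfile.mkdtemp(prefix="tar-scan-")  # hypothetical scanner work dir
    os.chmod(dest, 0o700)
    refused = unsafe_members(data, dest)
    extracted = extract_safely(data, dest)
    result = {
        "refused": [name for name, _ in refused],
        "reasons": [reason for _, reason in refused],
        "extracted": extracted,
        "safe_file_present": os.path.isfile(os.path.join(dest, "safe.txt")),
        "dest_mode_after": stat.S_IMODE(os.stat(dest).st_mode),
    }
    shutil.rmtree(dest)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Resolving each member against the real destination and comparing prefixes, rather than searching the name for "..", is what makes one check cover the "../" chain from the report, an absolute name, and spellings such as "./../" alike; the separate test for a directory entry that resolves to the destination itself is what stops the "." member from re-setting the 0700 work directory to 0755, which is exactly the second transcript above.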