Date:      12 Nov 2001 12:46:41 -0000
From:      Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   gnu/31929: GNU Tar shipped with FreeBSD handles relative paths
Message-ID:  <20011112124641.26756.qmail@lagoon.freebsd.lublin.pl>

>Number:         31929
>Category:       gnu
>Synopsis:       GNU Tar shipped with FreeBSD handles relative paths
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 12 04:50:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
czuby.net
>Environment:

System: FreeBSD lagoon.freebsd.lublin.pl 4.4-STABLE FreeBSD 4.4-STABLE #0: Sat Sep 15 12:00:15 CEST 2001 root@riget.scene.pl:/mnt/lagoon/usr/src/sys/compile/RIGET i386

>Description:

FreeBSD ships an old version of GNU Tar, which allows overwriting any file in
the system when unpacking an archive. Additionally, Tar changes the permissions
of the current directory to 0755 when unpacking a malformed archive containing ".".
Both problems were fixed some time ago, and the most recent version of GNU Tar is
secure.

This problem can expose a security risk for mail anti-virus scanners.

>How-To-Repeat:

First problem:

riget:root:/tmp# touch /etc/test
riget:root:/tmp# tar -cf test.tar ../../../../../../etc/test
riget:root:/tmp# rm /etc/test
riget:root:/tmp# tar -xf test.tar
riget:root:/tmp# ls -la /etc/test
-rw-r--r--  1 root  wheel  0 12 Lis 13:43 /etc/test

Second problem:

riget:root:/tmp/dupa# tar -cvf test.tar .
./
tar: test.tar is the archive; not dumped
riget:root:/tmp/dupa# chmod 700 .
riget:root:/tmp/dupa# tar -xf test.tar
riget:root:/tmp/dupa# ls -ld .
drwxr-xr-x  2 root  wheel  512 12 Lis 13:44 .

>Fix:

Upgrade GNU Tar in the base system to the most recent version.
>Release-Note:
>Audit-Trail:
>Unformatted:
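
A pre-extraction check for the two archive properties this report demonstrates, as an added example that is not part of the PR, of FreeBSD, or of GNU tar. It builds a small constructed archive in memory with Python's tarfile module (a benign file, a member named ../../../../../../etc/test as in the report, and a directory entry "." with mode 0755) and reports members that would write outside the extraction directory or change its mode. The extraction directory /tmp/extract and the member names are assumed sample values.

```python
"""Pre-extraction audit for tar archives (added example, not GNU tar code).

Flags the two conditions from the report: a member path that resolves
outside the extraction directory, and a directory entry "." whose mode
tar would apply to the extraction directory itself.
"""
import io
import os
import posixpath
import tarfile


def is_path_safe(member_name, dest):
    """Return True if writing member_name under dest cannot leave dest.

    Absolute names and names that normalise outside dest via ".." are
    rejected. Symlink and hard-link targets are not considered here.
    """
    dest_abs = os.path.abspath(dest)
    target = os.path.abspath(os.path.join(dest_abs, member_name))
    # commonpath (rather than startswith) avoids treating /tmp/extract2
    # as "inside" /tmp/extract and handles dest == "/" correctly.
    return os.path.commonpath([dest_abs, target]) == dest_abs


def audit_archive(data, dest="/tmp/extract"):
    """Return a list of (member name, reason) for risky members in data."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        for m in tf.getmembers():
            if not is_path_safe(m.name, dest):
                findings.append((m.name, "path escapes extraction directory"))
            elif m.isdir() and posixpath.normpath(m.name) == ".":
                # tarfile strips the trailing "/" so "./" arrives as "."
                findings.append((m.name,
                                 "'.' entry would set extraction directory mode to %04o"
                                 % (m.mode & 0o7777)))
    return findings


def build_sample_archive():
    """Constructed sample archive: one benign file plus the two cases in the PR."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        good = tarfile.TarInfo("notes.txt")
        payload = b"hello\n"
        good.size = len(payload)
        tf.addfile(good, io.BytesIO(payload))

        escaping = tarfile.TarInfo("../../../../../../etc/test")  # name from the PR
        tf.addfile(escaping)  # zero-length regular file, no data needed

        dot = tarfile.TarInfo(".")
        dot.type = tarfile.DIRTYPE
        dot.mode = 0o755  # the mode the report shows tar applying to "."
        tf.addfile(dot)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample_archive()):
        print("%-30s %s" % (name, reason))
```

Run as a script it lists the two risky members and stays silent about notes.txt; the same checks are what a mail scanner should apply before handing an archive to an extractor. Link targets of symlink and hard-link members need the same path check, and Python 3.12 and later ship tarfile.data_filter, which refuses members outside the destination at extraction time.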
