tar: postpone creation of symlinks with "suspicious" targets. Closes 8411

function old new delta data_extract_all 968 1038 +70 tar_main 952 986 +34 scan_tree 258 262 +4 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/0 up/down: 108/0) Total: 108 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-07-24 17:20:13 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-07-24 17:20:13 +0200
commit: b920a38dc0a87f5884444d4731a8b887b5e16018 (patch)
tree: 5d845976a9471e705183db9afbbe7885e9070b52 /archival/tar_symlink_attack
parent: c810978552bc0133ba723ababaa178c8d53256e1 (diff)
download: busybox-b920a38dc0a87f5884444d4731a8b887b5e16018.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/archival/tar_symlink_attack b/archival/tar_symlink_attack
new file mode 100755
index 000000000..35455f200
--- /dev/null
+++ b/archival/tar_symlink_attack
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Makes "symlink attack" tarball (needs GNU tar for --append)
+
+true >anything.txt
+tar cvf tar_symlink_attack.tar anything.txt
+rm anything.txt
+
+ln -s /tmp symlink
+tar --append -f tar_symlink_attack.tar symlink
+rm symlink
+
+mkdir symlink
+echo BUG >symlink/bb_test_evilfile
+tar --append -f tar_symlink_attack.tar symlink/bb_test_evilfile
+rm symlink/bb_test_evilfile
+rmdir symlink
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-07-24 17:20:13 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-07-24 17:20:13 +0200
commit	b920a38dc0a87f5884444d4731a8b887b5e16018 (patch)
tree	5d845976a9471e705183db9afbbe7885e9070b52 /archival/tar_symlink_attack
parent	c810978552bc0133ba723ababaa178c8d53256e1 (diff)
download	busybox-b920a38dc0a87f5884444d4731a8b887b5e16018.tar.gz