Subject: bin/30191: tar fails to overwrite symbolic links
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <j+nbsd@2005.salmi.ch>
List: netbsd-bugs
Date: 05/11/2005 01:30:00
>Number:         30191
>Category:       bin
>Synopsis:       tar fails to overwrite symbolic links
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 11 01:30:00 +0000 2005
>Originator:     Jukka Salmi
>Release:        NetBSD 3.99.3
>Environment:
System: NetBSD moray.salmi.ch 3.99.3 NetBSD 3.99.3 (GENERIC.APM) #0: Fri May 6 14:31:08 CEST 2005 build@moray.salmi.ch:/build/nbsd/i386/sys/arch/i386/compile/GENERIC.APM i386
Architecture: i386
Machine: i386
>Description:
Since pax was [1]changed some weeks ago (the `--insecure' option was
modified to "do something"), tar fails to overwrite symbolic links.

This happens because in src/bin/pax/ar_subs.c's path_check(), realpath(3)
resolves symbolic links if they exist in the file system, and thus not the
link itself but the link's target is taken into account when checking whether
it's outside the working directory or not.

[1] http://mail-index.netbsd.org/source-changes/2005/04/24/0008.html
>How-To-Repeat:
$ mkdir /tmp/test && cd /tmp/test
$ tar -xzf .../base.tgz
$ ls -l dev/log
lrwxr-xr-x  1 root  wheel  12 May  5 21:42 dev/log -> /var/run/log
$ ln -sf /foo dev/log
$ ls -l dev/log
lrwxr-xr-x  1 root  wheel  4 May 11 01:30 dev/log -> /foo
$ tar -xzf .../base.tgz
tar: Attempt to write file `/foo' outside current working directory `/tmp/test' ignored
[...]
$ ls -l dev/log
lrwxr-xr-x  1 root  wheel  4 May 11 01:34 dev/log -> /foo

Using the `--insecure' option works around this problem:

$ tar --insecure -xzf .../base.tgz
$ ls -l dev/log
lrwxr-xr-x  1 root  wheel  12 May  5 21:42 dev/log -> /var/run/log
>Fix:
n/a
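
The behaviour described above, as an added example that is not part of the original report and is not pax's code: a containment check that calls realpath(3) on the whole member name rejects an existing symlink whose target is outside the directory, while a check that canonicalises only the parent directory accepts it for replacement. The names path_ok, is_under and demo are hypothetical, and the sample tree (dev/log -> /) is constructed.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if canonical absolute path p is dir itself or lies below it. */
static int is_under(const char *dir, const char *p)
{
    size_t n = strlen(dir);
    return strncmp(dir, p, n) == 0 &&
        (dir[n - 1] == '/' || p[n] == '/' || p[n] == '\0');
}

/* follow_last=1: the check as the report describes it; realpath(3) on the
 * whole name follows an existing symlink, so its target is what is compared.
 * follow_last=0: canonicalise only the parent; the last component is kept. */
int path_ok(const char *cwd, const char *member, int follow_last)
{
    char full[PATH_MAX], res[PATH_MAX], *slash;
    snprintf(full, sizeof full, "%s/%s", cwd, member);
    if (!follow_last) {
        slash = strrchr(full, '/');      /* always found: one was added above */
        if (strcmp(slash + 1, "..") == 0)
            return 0;                    /* ".." as last component is refused */
        *slash = '\0';
    }
    return realpath(full, res) != NULL && is_under(cwd, res);
}

/* Constructed sample: <tmp>/dev/log -> / ; returns follow | (parent << 1). */
int demo(void)
{
    char tmpl[] = "/tmp/paxdemoXXXXXX", cwd[PATH_MAX], d[PATH_MAX], l[PATH_MAX];
    int r;
    if (mkdtemp(tmpl) == NULL || realpath(tmpl, cwd) == NULL)
        return -1;
    snprintf(d, sizeof d, "%s/dev", cwd);
    snprintf(l, sizeof l, "%s/dev/log", cwd);
    if (mkdir(d, 0700) != 0 || symlink("/", l) != 0)
        return -1;
    r = path_ok(cwd, "dev/log", 1) | (path_ok(cwd, "dev/log", 0) << 1);
    unlink(l); rmdir(d); rmdir(cwd);
    return r;
}

int main(void) { printf("follow | (parent << 1) = %d\n", demo()); return 0; }
```

A check followed by a separate write is still racy if another process can modify the tree during extraction, so the existing link has to be removed or replaced without being followed at write time as well.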