NetBSD-Bugs archive


Re: bin/54467: new tar overwrites symlinks to directories



The following reply was made to PR bin/54467; it has been noted by GNATS.

From: John Nemeth <jnemeth%cue.bc.ca@localhost>
To: Joerg Sonnenberger <joerg%bec.de@localhost>, Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
        "martin%netbsd.org@localhost" <martin%NetBSD.org@localhost>
Subject: Re: bin/54467: new tar overwrites symlinks to directories
Date: Sun, 18 Aug 2019 15:09:48 -0700

 On Aug 18, 11:21pm, Joerg Sonnenberger wrote:
 } On Sun, Aug 18, 2019 at 07:12:59PM +0300, Christos Zoulas wrote:
 } > 
 } > > 
 } > > If you allow symlinks tricks, you can just allow absolute path names
 } > > too. It really doesn't make any difference as an attack vector.
 } > 
 } > I am not talking about an attack vector, I am just saying that the behavior
 } > of extracting a tar archive having absolute symlinks in it, will change with -P...
 } > I do understand the ramifications of allowing symlinks, I just want to replicate
 } > the behavior of our current tar.
 } 
 } The behavior is not so much about relative or absolute symlinks, but
 } about symlinks used as of a longer path. The pax behavior is IMO a
 } major security issue and I don't think "supporting" it alone makes any
 } sense.
 
      Regardless of any kind of question of "purity" (including in
 the name of security), it is absolutely unacceptable for the sysinst
 upgrade process to break people's systems.  If having sysinst use
 the -P option by default stops it from breaking people's systems,
 then so be it.
 
 }-- End of excerpt from Joerg Sonnenberger
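The symlink-as-path-component problem Joerg describes, shown as an added example that is not part of this thread or of the tar/pax sources. A constructed archive listing first creates `etc` as a symlink to a directory outside the extraction root, then writes `etc/passwd.new` through it. `extract_listing` refuses to write any entry whose intermediate components already exist as symlinks (the default check that the thread's `-P` option disables); passing `allow_symlink_paths=True` reproduces the permissive behaviour and the file lands outside the extraction root. The function names, the entry list and the temporary-directory layout are assumptions made for the demonstration.

```python
import os
import stat
import tempfile


def symlink_in_path(dest_root, entry_name):
    """Return the first intermediate component of entry_name that already
    exists under dest_root as a symlink, or None if every existing
    component is a real directory.  lstat is used so the link itself is
    inspected rather than whatever it points at."""
    parts = [p for p in entry_name.split("/") if p not in ("", ".")]
    current = dest_root
    for part in parts[:-1]:          # the final component is the entry itself
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            return None              # remaining components do not exist yet
        if stat.S_ISLNK(st.st_mode):
            return os.path.relpath(current, dest_root)
    return None


def extract_listing(dest_root, entries, allow_symlink_paths=False):
    """Simulate extracting a constructed archive listing into dest_root.

    entries: tuples (name, kind[, link_target]) with kind in
    'dir', 'file', 'symlink'.  Returns one (name, action, detail) tuple per
    entry; action is 'write' or 'skip', detail names the offending
    component for a skip."""
    report = []
    for entry in entries:
        name, kind = entry[0], entry[1]
        if ".." in name.split("/"):
            report.append((name, "skip", ".."))
            continue
        via = None if allow_symlink_paths else symlink_in_path(dest_root, name)
        if via is not None:
            report.append((name, "skip", via))
            continue
        path = os.path.join(dest_root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        if kind == "dir":
            os.makedirs(path, exist_ok=True)
        elif kind == "symlink":
            if not os.path.lexists(path):
                os.symlink(entry[2], path)
        else:
            with open(path, "w") as fh:
                fh.write("")         # content is irrelevant to the check
        report.append((name, "write", None))
    return report


def demo(allow_symlink_paths=False):
    """Constructed scenario: 'etc' in the archive is a symlink to a
    directory outside the extraction root, and the next entry writes a
    file through it.  Returns (report, escaped) where escaped tells
    whether the file ended up outside the root."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")   # assumed target of the link
        root = os.path.join(tmp, "root")         # assumed extraction root
        os.makedirs(outside)
        os.makedirs(root)
        entries = [
            ("etc", "symlink", outside),
            ("etc/passwd.new", "file"),
            ("usr/bin/prog", "file"),
        ]
        report = extract_listing(root, entries, allow_symlink_paths)
        escaped = os.path.exists(os.path.join(outside, "passwd.new"))
        return report, escaped


if __name__ == "__main__":
    for mode in (False, True):
        report, escaped = demo(mode)
        print("allow_symlink_paths=%s escaped=%s" % (mode, escaped))
        for line in report:
            print("  ", line)
```

The check only looks at components that already exist on disk at the time the entry is written, which is exactly why ordering inside the archive matters: the symlink entry is harmless on its own, and the damage is done by the later entry that is extracted through it.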
 

