this post was submitted on 12 Mar 2024
34 points (94.7% liked)

Linux

48338 readers
730 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Solved

After interesting/insightful inputs from different users, here are the takeaways:

  • It doesn't have some critical or dangerous impact or implications when extracted
  • It contains the tared parent folder (see below for some neat tricks)
  • It only overwrites the owner/permission if ./ itself is included in the tar file as a directory.
  • Tarbombs are specially crafted tar archives with absolute paths / (by default (GNU) tar strips absolute paths and will throw a warning except if used with a special option –absolute-names or -P)
  • Interesting read: Path-traversal vulnerability (../)

Some neat trick I learned from the post

Temporarily created subshell with its own environment:

Let’s say you’re in the home directory that’s called /home/joe. You could go something like:

> (cd bin && pwd) && pwd
/home/joe/bin
/home/joe

source

Exclude parent folder and ./ ./file from tar

There are probably a lot of different ways to achieve that expected goal:

(cd mydir/ && tar -czvf mydir.tgz *)

find mydir/ -printf "%P\n" | tar -czf mytar.tgz --no-recursion -C mydir/ -T - source


~~The absolute path could overwrite my directory structure (tarbomb) source Will overwrite permission/owner to the current directory if extracted. source~~

I'm sorry if my question wasn't clear enough, I'm really doing my best to be as comprehensible as possible :/


Hi everyone !

I'm playing a bit around with tar to understand how it works under the hood. While poking around and searching through the web I couldn't find an actual answer, on what are the implication of ./ and ./file structure in the tar archive.

Output 1

sudo find ./testar -maxdepth 1 -type d,f -printf "%P\n" | sudo tar -czvf ./xtractar/tar1/testbackup1.tgz -C ./testar -T -
#output
> tar tf tar1/testbackup1.tgz 

text.tz
test
my
file.txt
.testzero
test01/
test01/never.xml
test01/file.exe
test01/file.tar
test01/files
test01/.testfiles
My test folder.txt

Output 2

sudo find ./testar -maxdepth 1 -type d,f  | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -
#output
>tar tf tar2/testbackup2.tgz

./testar/
./testar/text.tz
./testar/test
./testar/my
./testar/file.txt
./testar/.testzero
./testar/test01/
./testar/test01/never.xml
./testar/test01/file.exe
./testar/test01/file.tar
./testar/test01/files
./testar/test01/.testfiles
./testar/My test folder.txt
./testar/text.tz
./testar/test
./testar/my
./testar/file.txt
./testar/.testzero
./testar/test01/
./testar/test01/never.xml
./testar/test01/file.exe
./testar/test01/file.tar
./testar/test01/files
./testar/test01/.testfiles
./testar/My test folder.txt

The outputs are clearly different and if I extract them both the only difference I see is that the second outputs the parent folder. But reading here and here this is not a good solution? But nobody actually says why?

Has anyone a good explanation why the second way is bad practice? Or not recommended?

Thank you :)

you are viewing a single comment's thread
view the rest of the comments
[–] N0x0n@lemmy.ml 2 points 8 months ago (7 children)

Haha, thank you xD I think I wouldn't lose my sleep over it, except if I tarbomb my server !! My question was probably baddly written, but this kind of structure could actually be dangerous !

[–] SpaceCadet@feddit.nl 2 points 8 months ago (6 children)

this kind of structure could actually be dangerous

citation needed

I mean, tarbombs exist, but not because of the leading ./ as far as I know and they're usually specifically crafted tar files to create harm, not something you accidentally create yourself while tarring stuff.

[–] N0x0n@lemmy.ml 1 points 8 months ago (5 children)

You're right :) In my current example it's probably "harmless" if extracted properly in a separated folder. Maybe I do not understand how it works (please educate me :)) but if my tar contains the following folder./home/user/ and I extract it in my current home folder (which would be kinda stupid but It happens) this will overwrite the home folder (which is the principle of a tarbomb? mess up and overwrite directories?).

A related problem is the use of absolute paths or parent directory references when creating tar files. Files extracted from such archives will often be created in unusual locations outside the working directory and, like a tarbomb, have the potential to overwrite existing files. However, modern versions of FreeBSD and GNU tar do not create or extract absolute paths and parent-directory references by default, unless it is explicitly allowed with the flag -P or the option --absolute-names. source

There's still another odd behavior with ./ ! When extracted it will overwrite the permission/owner to the current directory source

[–] SpaceCadet@feddit.nl 1 points 8 months ago

There’s still another odd behavior with ./ ! When extracted it will overwrite the permission/owner to the current directory source

Only if ./ itself is included in the tar file as a directory.

load more comments (4 replies)
load more comments (4 replies)
load more comments (4 replies)