On 05/08/17 20:23, Radostin Stoyanov wrote:
> By default tar strips leading '/'s from file names. However
> if we have a symlink inside an archive with link which starts
> with '/' then this slash will be removed. [1]
>
> This will result as error "Cannot open:Permission denied" [2]
> when tar tries to create the symlink with the invalid target
> path.
>
> Steps to reproduce:
> $ mkdir /tmp/foo
> $ cd /tmp/foo
> $ touch file
> $ ln -s /tmp/foo/file link
> $ tar -cf archive.tar link
> $ mkdir /tmp/foo/dest
> $ virt-sandbox -c qemu:///session \
> -m host-bind:/mnt=/tmp/foo/dest \
> -- /bin/tar xf /tmp/foo/archive.tar -C /mnt
> Error message:
> tar: link: Cannot open: Permission denied
> tar: Exiting with failure status due to previous errors
>
> Append the flag "--absolute-names" to disable strip leading '/'s.
[1]
https://www.gnu.org/software/tar/manual/html_node/Live-untrusted-data.html#SEC180
[2]
https://www.gnu.org/software/tar/manual/html_node/Permissions-problems.html#SEC174
[3] https://linux.die.net/man/1/tar
> ---
> src/virtBootstrap/utils.py | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/virtBootstrap/utils.py b/src/virtBootstrap/utils.py
> index 63ef57a..2fe23d9 100644
> --- a/src/virtBootstrap/utils.py
> +++ b/src/virtBootstrap/utils.py
> @@ -106,7 +106,8 @@ def safe_untar(src, dest):
>
> # Compression type is auto detected from tar
> # Exclude files under /dev to avoid "Cannot mknod: Operation not permitted"
> - params = ['--', '/bin/tar', 'xf', src, '-C', '/mnt', '--exclude', 'dev/*']
> + params = ['--', '/bin/tar', 'xf', src, '-C', '/mnt', '--exclude', 'dev/*',
> + '--absolute-names']
> execute(virt_sandbox + params)
>
>
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
