In article <[email protected]>,
Joerg Sonnenberger <[email protected]> wrote:
>On Tue, Oct 22, 2019 at 08:00:35PM +0200, Christian Groessler wrote:
>> "tar" had an option to delete files which it is about to extract before
>> extraction. Wouldn't this solve the "symlink" issue at hand? What am I
>> missing?
>
>See the SECURITY section in the man page. Both -U and -P are ways of
>dealing with this, but with different end results.

Here are two simple patches:

1. Track symlinks that tar created and for them keep the current behavior
   of overwriting them, but extract through pre-existing ones:
   https://www.netbsd.org/~christos/track-symlinks.diff
   Pros: default behavior
   Cons: adds complexity, have not thought through all the possible
   scenarios, can slow down things when there are lots of symlinks.

2. Add a flag to just allow symlinks:
   https://www.netbsd.org/~christos/track-symlinks.diff
   Pros: simple and reduces the attack surface, gets the behavior we had
   before
   Cons: not standard, malicious tars can still do damage.

I am not advocating for either, perhaps we should just add -P to the
extraction and get over it :-)

christos
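
The distinction option 1 draws, between symlinks the archive itself introduces and symlinks already on disk, can be checked before extraction. The following is an added example, not code from either patch or from tar; it works on member names only, and `classify_members`, `build_sample`, `demo` and all paths in it are hypothetical and constructed.

```python
import io, os, tarfile, tempfile

def classify_members(tar, dest):
    """Label each member by the kind of symlink its parent path crosses."""
    created = set()            # symlinks introduced by earlier members
    verdicts = {}
    for m in tar.getmembers():
        name = os.path.normpath(m.name)
        parts = name.split(os.sep)
        verdict = "plain"
        for i in range(1, len(parts)):
            prefix = os.sep.join(parts[:i])
            if prefix in created:
                verdict = "archive-symlink"      # tar made it: keep replacing it
                break
            if os.path.islink(os.path.join(dest, prefix)):
                verdict = "preexisting-symlink"  # already on disk: extract through
        verdicts[m.name] = verdict
        if m.issym():
            created.add(name)
    return verdicts

def build_sample():
    """Constructed archive: a symlink member, then a file placed beneath it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        link = tarfile.TarInfo("pkg/data")
        link.type = tarfile.SYMTYPE
        link.linkname = "elsewhere"              # constructed target
        t.addfile(link)
        for n in ("pkg/data/file.txt", "usr/share/doc.txt", "README"):
            t.addfile(tarfile.TarInfo(n))        # empty regular files
    buf.seek(0)
    return buf

def demo():
    with tempfile.TemporaryDirectory() as dest:
        os.makedirs(os.path.join(dest, "usr"))
        # Constructed pre-existing link, as an administrator might have set up.
        os.symlink("../real_share", os.path.join(dest, "usr", "share"))
        with tarfile.open(fileobj=build_sample()) as t:
            return classify_members(t, dest)

if __name__ == "__main__":
    for member, verdict in demo().items():
        print(f"{verdict:20} {member}")
```

Members labelled `archive-symlink` are the ones that would be redirected by a link the archive planted; `preexisting-symlink` members are the case that extracting through pre-existing links is meant to keep working.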
