On 05/08/17 20:23, Radostin Stoyanov wrote:
> By default tar strips leading '/'s from file names. However
> if we have a symlink inside an archive with link which starts
> with '/' then this slash will be removed. [1]
>
> This will result in the error "Cannot open: Permission denied" [2]
> when tar tries to create the symlink with the invalid target
> path.
>
> Steps to reproduce:
>     $ mkdir /tmp/foo
>     $ cd /tmp/foo
>     $ touch file
>     $ ln -s /tmp/foo/file link
>     $ tar -cf archive.tar link
>     $ mkdir /tmp/foo/dest
>     $ virt-sandbox -c qemu:///session \
>                    -m host-bind:/mnt=/tmp/foo/dest \
>                    -- /bin/tar xf /tmp/foo/archive.tar -C /mnt
> Error message:
>     tar: link: Cannot open: Permission denied
>     tar: Exiting with failure status due to previous errors
>
> Append the flag "--absolute-names" to disable stripping of leading '/'s.
>
> [1] https://www.gnu.org/software/tar/manual/html_node/Live-untrusted-data.html#SEC180
> [2] https://www.gnu.org/software/tar/manual/html_node/Permissions-problems.html#SEC174
> [3] https://linux.die.net/man/1/tar
> ---
>  src/virtBootstrap/utils.py | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/virtBootstrap/utils.py b/src/virtBootstrap/utils.py
> index 63ef57a..2fe23d9 100644
> --- a/src/virtBootstrap/utils.py
> +++ b/src/virtBootstrap/utils.py
> @@ -106,7 +106,8 @@ def safe_untar(src, dest):
>  
>      # Compression type is auto detected from tar
>      # Exclude files under /dev to avoid "Cannot mknod: Operation not 
> permitted"
> -    params = ['--', '/bin/tar', 'xf', src, '-C', '/mnt', '--exclude', 
> 'dev/*']
> +    params = ['--', '/bin/tar', 'xf', src, '-C', '/mnt', '--exclude', 
> 'dev/*',
> +              '--absolute-names']
>      execute(virt_sandbox + params)
>  
>  
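
Review bot: The added '--absolute-names' in params applies to every member name in the archive, not only to symlink targets, so with it tar no longer strips a leading '/' from member paths and '-C /mnt' stops confining where files land. For a function named safe_untar, please add a comment next to the flag that records why it is needed (the symlink case from the commit message) and states that containment now rests on virt-sandbox and the host-bind of /mnt rather than on tar's own path handling. The existing comment above params only explains the '--exclude' of 'dev/*', so it is the natural place for that.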

_______________________________________________
virt-tools-list mailing list
virt-tools-list@redhat.com
https://www.redhat.com/mailman/listinfo/virt-tools-list
