| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
When creating archives, take care that they are not writable by a untrusted user; otherwise, that user could modify the archive, and when you later extract from the archive you will get incorrect data.
When tar extracts from an archive, by default it writes into
files relative to the working directory. If the archive was generated
by an untrusted user, that user therefore can write into any file
under the working directory. If the working directory contains a
symbolic link to another directory, the untrusted user can also write
into any file under the referenced directory. When extracting from an
untrusted archive, it is therefore good practice to create an empty
directory and run tar in that directory.
When extracting from two or more untrusted archives, each one should be extracted independently, into different empty directories. Otherwise, the first archive could create a symbolic link into an area outside the working directory, and the second one could follow the link and overwrite data that is not under the working directory. For example, when restoring from a series of incremental dumps, the archives should have been created by a trusted process, as otherwise the incremental restores might alter data outside the working directory.
If you use the ‘--absolute-names’ (‘-P’) option when
extracting, tar respects any file names in the archive, even
file names that begin with ‘/’ or contain ‘..’. As this
lets the archive overwrite any file in your system that you can write,
the ‘--absolute-names’ (‘-P’) option should be used only
for trusted archives.
Conversely, with the ‘--keep-old-files’ (‘-k’) and
‘--skip-old-files’ options, tar refuses to replace
existing files when extracting. The difference between the two
options is that the former treats existing files as errors whereas the
latter just silently ignores them.
Finally, with the ‘--no-overwrite-dir’ option, tar
refuses to replace the permissions or ownership of already-existing
directories. These options may help when extracting from untrusted
archives.
| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on August 23, 2023 using texi2html 5.0.