Bug 31929

Summary: GNU Tar shipped with FreeBSD handles relative paths
Product: Base System
Reporter: Przemyslaw Frasunek <venglin>
Component: gnu
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 4.4-STABLE
Hardware: Any
OS: Any

Description Przemyslaw Frasunek 2001-11-12 12:50:01 UTC
FreeBSD ships an old version of GNU Tar, which allows overwriting any file in
the system when unpacking an archive. Additionally, Tar changes the permissions
of the current directory to 0755 when unpacking a malformed archive containing ".".
Both problems were fixed some time ago and the most recent version of GNU Tar is
secure.

This problem can pose a security risk for mail anti-virus scanners.

Fix: 

Upgrade GNU Tar in the base system to the most recent version.
How-To-Repeat: 
First problem:

riget:root:/tmp# touch /etc/test
riget:root:/tmp# tar -cf test.tar ../../../../../../etc/test
riget:root:/tmp# rm /etc/test
riget:root:/tmp# tar -xf test.tar
riget:root:/tmp# ls -la /etc/test
-rw-r--r--  1 root  wheel  0 12 Lis 13:43 /etc/test

Second problem:

riget:root:/tmp/dupa# tar -cvf test.tar .
./
tar: test.tar is the archive; not dumped
riget:root:/tmp/dupa# chmod 700 .
riget:root:/tmp/dupa# tar -xf test.tar
riget:root:/tmp/dupa# ls -ld .
drwxr-xr-x  2 root  wheel  512 12 Lis 13:44 .
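For the mail-scanner use case the report mentions, an archive can be inspected before it is ever unpacked. The following is an added example, not part of the PR or of FreeBSD's tar: it uses Python's tarfile module to build a constructed in-memory archive mirroring the two How-To-Repeat cases and flags the members an old tar would mishandle, without writing anything to disk.

```python
import io
import posixpath
import tarfile


def unsafe_members(archive_bytes):
    """Return (member name, reason) pairs for entries an old tar would mishandle.

    Members are judged by their stored name only; nothing is extracted.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            # normpath keeps leading ".." segments, so an escape stays visible
            norm = posixpath.normpath(m.name)
            if norm.startswith("/"):
                findings.append((m.name, "absolute path"))
            elif norm == ".." or norm.startswith("../"):
                findings.append((m.name, "escapes extraction directory"))
            elif norm == "." and m.isdir():
                findings.append((m.name, f"would reset mode of '.' to 0{m.mode:o}"))
    return findings


def build_sample_archive():
    """Constructed in-memory archive reproducing the report's two cases."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        # Case 1: the "../../../../../../etc/test" member from the report
        escape = tarfile.TarInfo("../../../../../../etc/test")
        escape.size = 0
        tar.addfile(escape, io.BytesIO(b""))
        # Case 2: a "." directory entry carrying mode 0755
        dot = tarfile.TarInfo(".")
        dot.type = tarfile.DIRTYPE
        dot.mode = 0o755
        tar.addfile(dot)
        # A harmless member that must not be flagged
        data = b"hello\n"
        ok = tarfile.TarInfo("notes.txt")
        ok.size = len(data)
        tar.addfile(ok, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample_archive()):
        print(f"REJECT {name!r}: {reason}")
```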
Comment 1 Maxim Sobolev freebsd_committer freebsd_triage 2002-06-04 18:54:13 UTC
State Changed
From-To: open->patched

Modern GNU tar, which was just imported into -CURRENT, doesn't have this
problem. Therefore, the problem will be fully resolved when the tar upgrade is
MFC'ed in about 1 month.
Comment 2 Johan Karlsson freebsd_committer freebsd_triage 2002-08-22 18:19:54 UTC
State Changed
From-To: patched->closed

GNU tar 1.13.25 has been MFCed.