Tar/Security-rules-of-thumb
10.2.4 Security Rules of Thumb
This section briefly summarizes rules of thumb for avoiding security pitfalls.
- Protect archives at least as much as you protect any of the files being archived.
- Extract from an untrusted archive only into an otherwise-empty directory. This directory and its parent should be accessible only to trusted users. For example:

  $ chmod go-rwx .
  $ mkdir -m go-rwx dir
  $ cd dir
  $ tar -xvf /archives/got-it-off-the-net.tar.gz

  As a corollary, do not do an incremental restore from an untrusted archive.
- Do not let untrusted users access files extracted from untrusted archives without checking first for problems such as setuid programs.
- Do not let untrusted users modify directories that are ancestors of top-level arguments of tar. For example, while you are executing `tar -cf /archive/u-home.tar /u/home', do not let an untrusted user modify `/', `/archive', or `/u'.
- Pay attention to the diagnostics and exit status of tar.
- When archiving live file systems, monitor running instances of tar to detect denial-of-service attacks.
- Avoid unusual options such as `--absolute-names' (`-P'), `--dereference' (`-h'), `--overwrite', `--recursive-unlink', and `--remove-files' unless you understand their security implications.
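
The rule about checking for problems such as setuid programs can be applied to an archive's member list before anything is unpacked. The following is an added example, not part of the tar manual; it goes beyond setuid to flag absolute names, `..' components, links that point outside the extraction directory, and device nodes. The function names audit_tar and build_sample and the sample archive are constructed for illustration.

```python
import io
import stat
import tarfile

def audit_tar(fileobj):
    """Return (member name, problem) pairs for a tar archive, without extracting it."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for m in archive:
            if m.name.startswith("/"):
                findings.append((m.name, "absolute member name"))
            if ".." in m.name.split("/"):
                findings.append((m.name, "'..' in member name"))
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid mode %o" % m.mode))
            if m.mode & stat.S_IWOTH and not m.issym():
                findings.append((m.name, "world-writable"))
            if m.issym() or m.islnk():
                target = m.linkname
                if target.startswith("/") or ".." in target.split("/"):
                    findings.append((m.name, "link target leaves the directory: " + target))
            if m.ischr() or m.isblk() or m.isfifo():
                findings.append((m.name, "device node or FIFO"))
    return findings

def build_sample():
    """Constructed sample archive (not from the manual), built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as archive:
        for name, mode, kind, link in [
            ("README", 0o644, tarfile.REGTYPE, ""),
            ("bin/helper", 0o4755, tarfile.REGTYPE, ""),       # setuid bit set
            ("../outside.txt", 0o644, tarfile.REGTYPE, ""),    # climbs out of the directory
            ("/etc/cron.d/job", 0o644, tarfile.REGTYPE, ""),   # absolute name
            ("logs", 0o777, tarfile.SYMTYPE, "/var/log"),      # symlink to an absolute path
        ]:
            info = tarfile.TarInfo(name)
            info.mode, info.type, info.linkname = mode, kind, link
            archive.addfile(info, io.BytesIO(b"") if kind == tarfile.REGTYPE else None)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, problem in audit_tar(build_sample()):
        print("%-20s %s" % (name, problem))
```

An empty result does not make the archive trusted; the extraction rules above still apply.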
This document was generated on February, 23 2019 using texi2html 1.76.