Tar/Security-rules-of-thumb


10.2.4 Security Rules of Thumb

This section briefly summarizes rules of thumb for avoiding security pitfalls.

  • Protect archives at least as much as you protect any of the files being archived.
  • Extract from an untrusted archive only into an otherwise-empty directory. This directory and its parent should be accessible only to trusted users. For example:

     
    $ chmod go-rwx .
    $ mkdir -m go-rwx dir
    $ cd dir
    $ tar -xvf /archives/got-it-off-the-net.tar.gz

    As a corollary, do not do an incremental restore from an untrusted archive.

  • Do not let untrusted users access files extracted from untrusted archives without checking first for problems such as setuid programs.
  • Do not let untrusted users modify directories that are ancestors of top-level arguments of tar. For example, while you are executing `tar -cf /archive/u-home.tar /u/home', do not let an untrusted user modify `/', `/archive', or `/u'.
  • Pay attention to the diagnostics and exit status of tar.
  • When archiving live file systems, monitor running instances of tar to detect denial-of-service attacks.
  • Avoid unusual options such as `--absolute-names' (`-P'), `--dereference' (`-h'), `--overwrite', `--recursive-unlink', and `--remove-files' unless you understand their security implications.

This document was generated on February, 23 2019 using texi2html 1.76.