GNU tar 1.34: 10.2.4 Security Rules of Thumb
From Get docs
Tar/docs/latest/Security-rules-of-thumb
[ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
10.2.4 Security Rules of Thumb
This section briefly summarizes rules of thumb for avoiding security pitfalls.
- Protect archives at least as much as you protect any of the files being archived.
- Extract from an untrusted archive only into an otherwise-empty directory. This directory and its parent should be accessible only to trusted users. For example: $ chmod go-rwx . $ mkdir -m go-rwx dir $ cd dir $ tar -xvf /archives/got-it-off-the-net.tar.gz As a corollary, do not do an incremental restore from an untrusted archive.
- Do not let untrusted users access files extracted from untrusted archives without checking first for problems such as setuid programs.
- Do not let untrusted users modify directories that are ancestors of top-level arguments of
tar
. For example, while you are executing ‘tar -cf /archive/u-home.tar /u/home
’, do not let an untrusted user modify ‘/’, ‘/archive’, or ‘/u’. - Pay attention to the diagnostics and exit status of
tar
. - When archiving live file systems, monitor running instances of
tar
to detect denial-of-service attacks. - Avoid unusual options such as ‘
--absolute-names
’ (‘-P
’), ‘--dereference
’ (‘-h
’), ‘--overwrite
’, ‘--recursive-unlink
’, and ‘--remove-files
’ unless you understand their security implications.
[ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on March 24, 2021 using texi2html 5.0.