summaryrefslogtreecommitdiff
path: root/testsuite
diff options
context:
space:
mode:
authorDenys Vlasenko2018-02-20 15:57:45 +0100
committerDenys Vlasenko2018-02-20 16:06:53 +0100
commita84db18fc71d09e801df0ebca048d82e90b32c6a (patch)
tree1eda8cd659f78406f1b9f86d5e0b5757af20bad9 /testsuite
parent95121d98e6da12599246d8e25c3f300e422a06fb (diff)
downloadbusybox-a84db18fc71d09e801df0ebca048d82e90b32c6a.zip
busybox-a84db18fc71d09e801df0ebca048d82e90b32c6a.tar.gz
tar,unzip: postpone creation of symlinks with "suspicious" targets
This mostly reverts commit bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7 "libarchive: do not extract unsafe symlinks unless $EXTRACT_UNSAFE_SYMLINKS=1" Users report that it is somewhat too restrictive. See https://bugs.busybox.net/show_bug.cgi?id=8411 In particular, this interferes with unpacking of busybox-based filesystems with links like "sbin/applet" -> "../bin/busybox". The change is made smaller by deleting ARCHIVE_EXTRACT_QUIET flag - it is unused since 2010, and removing conditionals on it allows commonalizing some error message codes. function old new delta create_or_remember_symlink - 94 +94 create_symlinks_from_list - 64 +64 tar_main 1002 1006 +4 unzip_main 2732 2724 -8 data_extract_all 984 891 -93 unsafe_symlink_target 147 - -147 ------------------------------------------------------------------------------ (add/remove: 2/1 grow/shrink: 1/2 up/down: 162/-248) Total: -86 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'testsuite')
-rwxr-xr-xtestsuite/tar.tests10
1 files changed, 5 insertions, 5 deletions
diff --git a/testsuite/tar.tests b/testsuite/tar.tests
index b7cd74c..1675b07 100755
--- a/testsuite/tar.tests
+++ b/testsuite/tar.tests
@@ -279,7 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
testing "tar does not extract into symlinks" "\
>>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
" "\
-tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
+tar: can't create symlink 'passwd' to '/tmp/passwd'
0
" \
"" "\
@@ -299,7 +299,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
testing "tar -k does not extract into symlinks" "\
>>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
" "\
-tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
+tar: can't create symlink 'passwd' to '/tmp/passwd'
0
" \
"" "\
@@ -324,11 +324,11 @@ rm -rf etc usr
' "\
etc/ssl/certs/3b2716e5.0
etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
-tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
etc/ssl/certs/f80cc7f6.0
usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
0
etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
+etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
" \
"" ""
@@ -346,9 +346,9 @@ ls symlink/bb_test_evilfile
' "\
anything.txt
symlink
-tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
symlink/bb_test_evilfile
-0
+tar: can't create symlink 'symlink' to '/tmp'
+1
ls: /tmp/bb_test_evilfile: No such file or directory
ls: bb_test_evilfile: No such file or directory
symlink/bb_test_evilfile