[SOLVED] Tar: what's the implication of the ./ and ./file structure in the tar file?
Solved
After interesting/insightful inputs from different users, here are the takeaways:
- It doesn’t have some critical or dangerous impact or implications when extracted
- It contains the tared parent folder (see below for some neat tricks)
- It only overwrites the owner/permission if
./
itself is included in the tar file as a directory. - Tarbombs are specially crafted tar archives with absolute paths
/
(by default (GNU) tar strips absolute paths and will throw a warning except if used with a special option–absolute-names or -P
) - Interesting read: Path-traversal vulnerability (
…/
)
Some neat trick I learned from the post
Temporarily created subshell with its own environment:
<span style="color:#323232;">Let’s say you’re in the home directory that’s called /home/joe. You could go something like:
</span><span style="color:#323232;">
</span><span style="color:#323232;">> (cd bin && pwd) && pwd
</span><span style="color:#323232;">/home/joe/bin
</span><span style="color:#323232;">/home/joe
</span><span style="color:#323232;">
</span>
Exclude parent folder and ./
./file
from tar
There are probably a lot of different ways to achieve that expected goal:
(cd mydir/ && tar -czvf mydir.tgz *)
find mydir/ -printf “%Pn” | tar -czf mytar.tgz --no-recursion -C mydir/ -T -
source
The absolute path could overwrite my directory structure (tarbomb) sourceWill overwrite permission/owner to the current directory if extracted. source
I’m sorry if my question wasn’t clear enough, I’m really doing my best to be as comprehensible as possible :/
Hi everyone !
I’m playing a bit around with tar to understand how it works under the hood. While poking around and searching through the web I couldn’t find an actual answer, on what are the implication of ./
and ./file
structure in the tar archive.
Output 1
<span style="color:#323232;">sudo find ./testar -maxdepth 1 -type d,f -printf </span><span style="color:#183691;">"%Pn" </span><span style="font-weight:bold;color:#a71d5d;">| </span><span style="color:#323232;">sudo tar -czvf ./xtractar/tar1/testbackup1.tgz -C ./testar -T -
</span>
<span style="color:#323232;">#output
</span><span style="color:#323232;">> tar tf tar1/testbackup1.tgz
</span><span style="color:#323232;">
</span><span style="color:#323232;">text.tz
</span><span style="color:#323232;">test
</span><span style="color:#323232;">my
</span><span style="color:#323232;">file.txt
</span><span style="color:#323232;">.testzero
</span><span style="color:#323232;">test01/
</span><span style="color:#323232;">test01/never.xml
</span><span style="color:#323232;">test01/file.exe
</span><span style="color:#323232;">test01/file.tar
</span><span style="color:#323232;">test01/files
</span><span style="color:#323232;">test01/.testfiles
</span><span style="color:#323232;">My test folder.txt
</span>
Output 2
<span style="color:#323232;">sudo find ./testar -maxdepth 1 -type d,f </span><span style="font-weight:bold;color:#a71d5d;">| </span><span style="color:#323232;">sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -
</span>
<span style="color:#323232;">#output
</span><span style="color:#323232;">>tar tf tar2/testbackup2.tgz
</span><span style="color:#323232;">
</span><span style="color:#323232;">./testar/
</span><span style="color:#323232;">./testar/text.tz
</span><span style="color:#323232;">./testar/test
</span><span style="color:#323232;">./testar/my
</span><span style="color:#323232;">./testar/file.txt
</span><span style="color:#323232;">./testar/.testzero
</span><span style="color:#323232;">./testar/test01/
</span><span style="color:#323232;">./testar/test01/never.xml
</span><span style="color:#323232;">./testar/test01/file.exe
</span><span style="color:#323232;">./testar/test01/file.tar
</span><span style="color:#323232;">./testar/test01/files
</span><span style="color:#323232;">./testar/test01/.testfiles
</span><span style="color:#323232;">./testar/My test folder.txt
</span><span style="color:#323232;">./testar/text.tz
</span><span style="color:#323232;">./testar/test
</span><span style="color:#323232;">./testar/my
</span><span style="color:#323232;">./testar/file.txt
</span><span style="color:#323232;">./testar/.testzero
</span><span style="color:#323232;">./testar/test01/
</span><span style="color:#323232;">./testar/test01/never.xml
</span><span style="color:#323232;">./testar/test01/file.exe
</span><span style="color:#323232;">./testar/test01/file.tar
</span><span style="color:#323232;">./testar/test01/files
</span><span style="color:#323232;">./testar/test01/.testfiles
</span><span style="color:#323232;">./testar/My test folder.txt
</span>
The outputs are clearly different and if I extract them both the only difference I see is that the second outputs the parent folder. But reading here and here this is not a good solution? But nobody actually says why?
Has anyone a good explanation why the second way is bad practice? Or not recommended?
Thank you :)