7 comments

[ 2.8 ms ] story [ 27.9 ms ] thread
Interesting. I wonder if this kind of bugs could be found automatically, via fuzzing. It would be nice if someone found a way to add a definition of unexpected behavior to fuzzing with AFL...
How come the GNU tar maintainer was ignoring this for 6 months? Shouldn't someone better take over then? Huge fail.
From what I can tell they didn't ignore it they just don't think it is a bug.
Linux is supposedly secure because everyone can access the source code and find a serious bug.

The question is whether anyone will fix it.

I'd say that the issue is only a vulnerability if you're doing tar -C / (which would be dumb). The actual issue appears to be that the filtering features of GNU tar are applied before pathname sanitisation (which is the actual security bug). The title (and some of the wording in the disclosure) lead me to believe that GNU tar would let you extract to paths outside the -C directory (which would be very bad).

So I kinda see the PoV of the maintainer, though I don't agree with the filter ordering.