in reply to Security Hole in Archive::Tar ??

I get the auto stripping also...

But, you could do this type of evil... 

[root@localhost root]# mkdir /foo.chroot /foo.chroot/lib
[root@localhost root]# ldd /bin/tar
        librt.so.1 => /lib/librt.so.1 (0x40027000)
        libc.so.6 => /lib/libc.so.6 (0x40039000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x40177000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
[root@localhost root]# (cd /lib && cp -p librt.so.1 libc.so.6 libpthre
+ad.so.0 ld-linux.so.2 /foo.chroot/lib)
[root@localhost root]# cp -p /bin/tar /foo.chroot
[root@localhost root]#
[root@localhost root]# cat >/etc/passwd.gotcha
gotcha!
^D
[root@localhost root]# tar cvf gotcha.tar /etc/passwd.gotcha
tar: Removing leading `/' from member names
etc/passwd.gotcha
[root@localhost root]# man tar
...
[root@localhost root]# tar Pcvf gotcha.tar /etc/passwd.gotcha
/etc/passwd.gotcha
[root@localhost root]# tar tvf gotcha.tar
-rw-r--r-- root/root         8 2002-04-02 17:15:50 /etc/passwd.gotcha
[root@localhost root]# rm -f /etc/passwd.gotcha
[root@localhost root]# tar xvf gotcha.tar
/etc/passwd.gotcha
tar: Removing leading `/' from member names
[root@localhost root]# ls ./etc/passwd.gotcha
./etc/passwd.gotcha
[root@localhost root]# rm ./etc/passwd.gotcha
[root@localhost root]# tar Pxvf gotcha.tar
/etc/passwd.gotcha
[root@localhost root]# ls /etc/passwd.gotcha
/etc/passwd.gotcha
[root@localhost root]# rm /etc/passwd.gotcha
[root@localhost root]# # ob. untested perl ;)
[root@localhost root]# perl -e 'print qx(cat gotcha.tar | chroot /foo.
+chroot ./tar Pxvf -)'
/etc/passwd.gotcha
[root@localhost root]# ls /etc/passwd.gotcha
ls: /etc/passwd.gotcha: No such file or directory
[root@localhost root]# ls /foo.chroot/etc/passwd.gotcha
/foo.chroot/etc/passwd.gotcha

[download]

In Section Seekers of Perl Wisdom