From fd4c80b8de768d7132cef0720cd46167173a653b Mon Sep 17 00:00:00 2001 From: xuxuepeng Date: Mon, 19 Feb 2024 01:05:18 +0000 Subject: [PATCH 14/43] !2371 Allow iSulad to pull/load image with symlink * Allow iSulad to pull/load image with symlink --- src/utils/tar/util_archive.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c index e4c302bc..52b51162 100644 --- a/src/utils/tar/util_archive.c +++ b/src/utils/tar/util_archive.c @@ -637,6 +637,11 @@ static void try_to_replace_exited_dst(const char *dst_path, struct archive_entry } } +/** + * This function has to be used with chroot to prevent a potential attack from manipulating + * the path of the file to be extracted, such as using a symbolic link to extract the file to + * a location outside the path. + */ int archive_unpack_handler(const struct io_read_wrapper *content, const struct archive_options *options) { int ret = 0; @@ -671,10 +676,12 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a flags |= ARCHIVE_EXTRACT_PERM; flags |= ARCHIVE_EXTRACT_ACL; flags |= ARCHIVE_EXTRACT_FFLAGS; - flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS; - flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; flags |= ARCHIVE_EXTRACT_XATTR; - flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; + /** + * ARCHIVE_EXTRACT_SECURE_SYMLINKS, ARCHIVE_EXTRACT_SECURE_NODOTDOT, + * ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS flags are not set here, + * since this function is called after chroot, the security of the path is guaranteed. + */ a = archive_read_new(); if (a == NULL) { -- 2.34.1