summaryrefslogtreecommitdiff
path: root/0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch
blob: 4a1fa1f0bd9d93cf7da62f942edf203f7ec97577 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
From fd4c80b8de768d7132cef0720cd46167173a653b Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Mon, 19 Feb 2024 01:05:18 +0000
Subject: [PATCH 14/43] !2371 Allow iSulad to pull/load image with symlink *
 Allow iSulad to pull/load image with symlink

---
 src/utils/tar/util_archive.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index e4c302bc..52b51162 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -637,6 +637,11 @@ static void try_to_replace_exited_dst(const char *dst_path, struct archive_entry
     }
 }
 
+/**
+ * This function has to be used with chroot to prevent a potential attack from manipulating
+ * the path of the file to be extracted, such as using a symbolic link to extract the file to
+ * a location outside the path.
+ */
 int archive_unpack_handler(const struct io_read_wrapper *content, const struct archive_options *options)
 {
     int ret = 0;
@@ -671,10 +676,12 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a
     flags |= ARCHIVE_EXTRACT_PERM;
     flags |= ARCHIVE_EXTRACT_ACL;
     flags |= ARCHIVE_EXTRACT_FFLAGS;
-    flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS;
-    flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
     flags |= ARCHIVE_EXTRACT_XATTR;
-    flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
+    /**
+     * ARCHIVE_EXTRACT_SECURE_SYMLINKS, ARCHIVE_EXTRACT_SECURE_NODOTDOT,
+     * ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS flags are not set here,
+     * since this function is called after chroot, the security of the path is guaranteed.
+     */
 
     a = archive_read_new();
     if (a == NULL) {
-- 
2.34.1