Solved

After interesting/insightful inputs from different users, here are the takeaways:

  • It doesn’t have some critical or dangerous impact or implications when extracted
  • It contains the tarred parent folder (see below for some neat tricks)
  • It only overwrites the owner/permission if ./ itself is included in the tar file as a directory.
  • Tarbombs are specially crafted tar archives with absolute paths / (by default (GNU) tar strips absolute paths and will throw a warning except if used with a special option --absolute-names or -P)
  • Interesting read: Path-traversal vulnerability (../)

Some neat tricks I learned from the post

Temporarily created subshell with its own environment:

Let’s say you’re in the home directory that’s called /home/joe. You could go something like:

> (cd bin && pwd) && pwd
/home/joe/bin
/home/joe

source

Exclude parent folder and ./ ./file from tar

There are probably a lot of different ways to achieve that expected goal:

(cd mydir/ && tar -czvf mydir.tgz *)

find mydir/ -printf "%P\n" | tar -czf mytar.tgz --no-recursion -C mydir/ -T -

source


The absolute path could overwrite my directory structure (tarbomb). source

Will overwrite permission/owner to the current directory if extracted. source

I’m sorry if my question wasn’t clear enough, I’m really doing my best to be as comprehensible as possible :/


Hi everyone !

I’m playing a bit around with tar to understand how it works under the hood. While poking around and searching through the web, I couldn’t find an actual answer on what the implications of the ./ and ./file structure in the tar archive are.

Output 1

sudo find ./testar -maxdepth 1 -type d,f -printf "%P\n" | sudo tar -czvf ./xtractar/tar1/testbackup1.tgz -C ./testar -T -
#output
> tar tf tar1/testbackup1.tgz 

text.tz
test
my
file.txt
.testzero
test01/
test01/never.xml
test01/file.exe
test01/file.tar
test01/files
test01/.testfiles
My test folder.txt

Output 2

sudo find ./testar -maxdepth 1 -type d,f  | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -
#output
>tar tf tar2/testbackup2.tgz

./testar/
./testar/text.tz
./testar/test
./testar/my
./testar/file.txt
./testar/.testzero
./testar/test01/
./testar/test01/never.xml
./testar/test01/file.exe
./testar/test01/file.tar
./testar/test01/files
./testar/test01/.testfiles
./testar/My test folder.txt
./testar/text.tz
./testar/test
./testar/my
./testar/file.txt
./testar/.testzero
./testar/test01/
./testar/test01/never.xml
./testar/test01/file.exe
./testar/test01/file.tar
./testar/test01/files
./testar/test01/.testfiles
./testar/My test folder.txt

The outputs are clearly different and if I extract them both the only difference I see is that the second outputs the parent folder. But reading here and here this is not a good solution? But nobody actually says why?

Has anyone a good explanation why the second way is bad practice? Or not recommended?

Thank you :)
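
Added example (not part of the original post or of any commenter's code): the takeaway that a ./ directory entry overwrites the permissions of the extraction directory, reproduced inside a throwaway temp directory. It assumes GNU tar, find and stat; mydir, with_dot.tar, no_dot.tar and the file names are constructed for the demonstration.

```bash
# Added example. Assumes GNU tar, GNU find and GNU stat; every path is a
# constructed sample inside a throwaway temp directory.

demo_dot_entry() (
  umask 022                      # keep tar's mode handling predictable
  work=$(mktemp -d) || exit 1
  src="$work/mydir"
  mkdir -p "$src/sub"
  echo data > "$src/file.txt"
  echo more > "$src/sub/x"
  chmod 755 "$src"               # source directory is world-readable

  # Archive A: archiving "." stores a "./" directory entry carrying
  # mydir's mode and owner.
  tar -cf "$work/with_dot.tar" -C "$src" .

  # Archive B: names relative to mydir, no entry for mydir itself
  # (the find | tar --no-recursion form from the post).
  find "$src" -mindepth 1 -printf '%P\n' |
    tar -cf "$work/no_dot.tar" --no-recursion -C "$src" -T -

  for name in with_dot no_dot; do
    dest="$work/out_$name"
    mkdir -m 700 "$dest"         # private extraction directory
    before=$(stat -c '%a' "$dest")
    tar -xf "$work/$name.tar" -C "$dest"
    after=$(stat -c '%a' "$dest")
    # Count members whose name is exactly "./"
    dots=$(tar -tf "$work/$name.tar" | grep -cx -e './' || true)
    echo "$name.tar dot_entries=$dots dest_mode=$before->$after"
  done
  rm -rf "$work"
)

demo_dot_entry
```

When an archive that contains a ./ entry has to be extracted into an existing directory, GNU tar's --no-overwrite-dir keeps that directory's metadata.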

  • @[email protected]
    2
    9 months ago

    I think that since you’re piping in the file list from find, the -C ./testar in the tar command is basically irrelevant? You probably need to cd ./testar before the find. Maybe you could do that in a subshell so that the cd doesn’t affect your tar archive path? So something like:

    (sudo cd ./testar && sudo find ./ -maxdepth 1 -type d,f)  | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -T -
    
    • @[email protected]
      3
      9 months ago

      Ok, I actually tried something like this at a terminal. You do still need the -C ./testar if you use the subshell since tar won’t know where to look otherwise.

      (sudo cd ./testar && sudo find . -maxdepth 1 -type d,f)  | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -
      

      This will still give you a listing with ./text.tz and so on because find prints ./whatever when you search .. I think this is harmless? But I suppose you could remove them if it bothers you.

      (sudo cd ./testar && sudo find . -maxdepth 1 -type d,f)  | cut -c3- | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -
      
      • @[email protected]OP
        2
        9 months ago

        Thank you for testing it out and giving some nice insights on how to improve the command. Just curious, what’s about the parentheses (sudo cd ./testar && sudo find . -maxdepth 1 -type d,f)? I have never seen a command structured like that!

        Regarding my question, someone led me in the right direction. This could overwrite my actual folder structure (tarbomb) depending on where it’s extracted and the absolute path in the tar. It will also extract the permission and ownership to the current directory… source

        • @[email protected]
          2
          9 months ago

          The commands within the parentheses run in a temporarily created subshell with its own environment. So you can change the working directory within it and it won’t affect your main shell’s working directory.

          Let’s say you’re in the home directory that’s called /home/joe. You could go something like:

          > (cd bin && pwd) && pwd
          /home/joe/bin
          /home/joe
          

          If find had something equivalent to tar -C, you wouldn’t need to do this, but I don’t think it does?

          • @[email protected]OP
            3
            9 months ago

            Thank youuu !! I learned something really interesting !!! :)

            (sudo cd ./testar && sudo find . -maxdepth 1 -type d,f) | cut -c3- | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -

            So, you’re trying to sudo cd ? :P I tried a hacky way I found on superuser.com sudo sh -c 'cd dirname' doesn’t work -_- !

            Thank you very much :))) The cut -c3- is a nice alternative !!

            • @[email protected]
              3
              9 months ago

              Oh yeah, that’s another way to make a subshell. But don’t forget to stick the find in there also:

              sudo sh -c 'cd ./testar && find . -maxdepth 1 -type d,f' | ...