This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Add ar --output

From: Nick Clifton <nickc at redhat dot com>
To: Fangrui Song <i at maskray dot me>
Cc: binutils at sourceware dot org
Date: Mon, 4 Nov 2019 12:09:47 +0000
Subject: Re: Add ar --output
References: <20191025061359.26fmpvlx3l6xww2k@gmail.com> <2d235e79-16c2-d61a-90d0-56eb40eab573@redhat.com> <20191029175203.k4vk5awdtjnkdmvu@gmail.com> <02939d25-1ea7-6963-f77f-807c0932f076@redhat.com> <20191102170156.diylqsvxvflbv7bb@gmail.com>

Hi Fangrui,

> Thanks for pushing this, however, I think the landed commit does not
> support absolute paths or paths that contain ..
> 
>  ar --output=/tmp x a.a file
>  ar --output=../dir x a.a file

Right - I had thought that this was what we had decided should happen.

> While I agree that `ar x a.a ../file` and `ar x a.a /tmp/file` may lead
> to directory traversal vulnerabilities, I think people who specify
> --output will likely use an absolute path or a path containing ..

OK, so what do you think of the patch below ?

Cheers
  Nick



 diff --git a/binutils/ar.c b/binutils/ar.c
index 0af7954a47..2e706fb46a 100644
--- a/binutils/ar.c
+++ b/binutils/ar.c
@@ -1083,10 +1083,9 @@ open_output_file (bfd * abfd)
 	    output_filename = concat (output_dir, "/", output_filename, NULL);
 	}
     }
-    
   /* PR binutils/17533: Do not allow directory traversal
      outside of the current directory tree.  */
-  if (! is_valid_archive_path (output_filename))
+  else if (! is_valid_archive_path (output_filename))
     {
       char * base = (char *) lbasename (output_filename);
 
diff --git a/binutils/doc/binutils.texi b/binutils/doc/binutils.texi
index 2a86b92033..11de2d3deb 100644
--- a/binutils/doc/binutils.texi
+++ b/binutils/doc/binutils.texi
@@ -390,7 +390,9 @@ are extracted.
 Files cannot be extracted from a thin archive, and there are
 restrictions on extracting from archives created with @option{P}: The
 paths must not be absolute, may not contain @code{..}, and any
-subdirectories in the paths must exist.
+subdirectories in the paths must exist.  If it is desired to avoid
+these restrictions then used the @option{--output} option to specify
+an output directory.
 @end table
 
 A number of modifiers (@var{mod}) may immediately follow the @var{p}
@@ -589,11 +591,6 @@ Note - although the presence of this option does imply a @option{x}
 extraction operation that option must still be included on the command
 line.
 
-Note - using this option does not allow archive members to be
-extracted to locations outside of the current directory, or one of its 
-sub-directories.  This is a security feature to prevent archives
-created with the @option{P} option from maliciously overwriting user
-files.
 @end table
 @c man end

Follow-Ups:
- Re: Add ar --output
  - From: Fangrui Song

References:
- Re: Add ar --output
  - From: Fangrui Song

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]