10.2.4 Security Rules of Thumb
This section briefly summarizes rules of thumb for avoiding security pitfalls.
- Protect archives at least as much as you protect any of the files being archived.
- Extract from an untrusted archive only into an otherwise-empty directory. This directory and its parent should be accessible only to trusted users. For example:

      $ chmod go-rwx .
      $ mkdir -m go-rwx dir
      $ cd dir
      $ tar -xvf /archives/got-it-off-the-net.tar.gz

  As a corollary, do not do an incremental restore from an untrusted archive.
- Do not let untrusted users access files extracted from untrusted archives without checking first for problems such as setuid programs.
- Do not let untrusted users modify directories that are ancestors of top-level arguments of tar. For example, while you are executing ‘tar -cf /archive/u-home.tar /u/home’, do not let an untrusted user modify ‘/’, ‘/archive’, or ‘/u’.
- Pay attention to the diagnostics and exit status of tar.
- When archiving live file systems, monitor running instances of tar to detect denial-of-service attacks.
- Avoid unusual options such as ‘--absolute-names’ (‘-P’), ‘--dereference’ (‘-h’), ‘--overwrite’, ‘--recursive-unlink’, and ‘--remove-files’ unless you understand their security implications.
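
One way to carry out the check for setuid programs mentioned in the rules above, as an added example that is not part of the tar manual: a hypothetical `audit_extracted` shell function that scans the extraction directory before other users are given access. It goes beyond setuid programs to also flag setgid files, device nodes, world-writable entries and symbolic links that resolve outside the directory, and it assumes `readlink -f` from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the tar manual): audit a directory that an
# untrusted archive was just extracted into. audit_extracted is a
# hypothetical helper name; readlink -f assumes GNU coreutils.

# Usage: audit_extracted DIR
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_extracted() {
    dir=$1
    root=$(cd "$dir" && pwd -P) || return 2

    findings=$(
        # Programs that would run with their owner's or group's privileges.
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'

        # Device nodes have no business in an ordinary data archive.
        find "$root" \( -type b -o -type c \) -print | sed 's/^/DEVICE /'

        # Files or directories any local user could modify.
        find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'

        # Symbolic links whose target resolves outside the extraction root
        # (links that cannot be resolved at all are flagged too).
        find "$root" -type l -print | while IFS= read -r link; do
            target=$(readlink -f "$link") || target=
            case $target in
                "$root"|"$root"/*) ;;
                *) printf 'SYMLINK-OUT %s -> %s\n' "$link" "$(readlink "$link")" ;;
            esac
        done
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as `audit_extracted dir` after the `tar -xvf` step shown earlier, and treat a non-zero return the same way as a non-zero exit status from tar.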
This document was generated on November 1, 2013 using texi2html 5.0.