This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

tar port special DOS/Windows device name



I've  reported problem to GNU tar developers, they replied it's cygwin
problem, DJGPP port of tar supported by GNU doesn't have this problem.
Since  reply  contains very useful information I've attached it. There
is  another  security  problem in currently developing version 1.13.19
(directory traversal) I believe it's not time to patch this problem in
cygwin  right  now, but it's better wait until directory traversal bug
will  be  completely  fixed  by  GNU developers and then patch already
updated version.

Sure,  port  of unzip also has same problems (both directory traversal
and special devices), but I was unable to contact authors.

-=-=-=-=-=-

Hello support,

If  archive  contains file with special name (such as prn, lpt1, com1,
con,  etc) it will be extracted to this device instead of file. Tested
with  pkzipc, WinRAR, rar, WinZip, tar (cygwin port under windows). In
case of WinZip and tar file will be extracted silently, in other cases
overwrite confirmation required.

This  problem is only DOS/Windows specific. Tested on Windows NT/2000.
To  test:  make  sure  PRN:  (usually  PRN:  is  an alias to LPT1:) is
functioning  (that  is  you have printer connected to LPT1) and try to
extract  attached  ZIP,  TAR or RAR archive. It should print 1 page on
PCL-compatible printer.

-- 
http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)



On Thu, 5 Jul 2001, 3APA3A wrote:

> If  archive  contains file with special name (such as prn, lpt1, com1,
> con,  etc) it will be extracted to this device instead of file. Tested
> with  pkzipc, WinRAR, rar, WinZip, tar (cygwin port under windows). In
> case of WinZip and tar file will be extracted silently, in other cases
> overwrite confirmation required.

I cannot speak for WinZip, pkzip, and other programs, but as for GNU Tar, 
what you mention is a bug in the ported Cygwin executable.  Try the DJGPP 
port of Tar, and you will see that it handles such file names gracefully:

  ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp/v2gnu/tar112ab.zip

Also, `prn' and `lpt1' are just a sample of the special names.  Any 
device driver which can be reached by opening a special file name will 
cause such problems; thus the list of the offending names cannot be 
known in advance, since additional device drivers can be installed on 
the target system.

In addition, the file-name extension is ignored when the basename 
matches.  So `aux.lst', `prn.c', `con.foo', and an infinite number of 
other similar names--all of them are prone to this problem.  Some of the 
devices will actually wedge the DOS box if you try to extract a file by 
that name; kids, don't try that at home!


prntest.tar

prntest.zip

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]