Archive::Tar Hardlink Vulnerability in Perl Allowing Insecure Extraction and File Modification

Vulnerability

Archive::Tar versions prior to 3.08 for Perl extract hardlink entries insecurely. The '_make_special_file()' routine passes the linkname from the tar header straight to the 'link()' system call without rejecting absolute paths or '..' directory-traversal segments. A crafted archive can therefore create, inside the extraction directory, a hardlink to an arbitrary existing file outside it. A hardlink shares its inode with the target, so any write made through the extracted link changes the original file. In addition, extraction applies the mode, ownership and timestamps from the tar header to the extracted entry; because those operations act on the inode, they are applied to the linked original file as well.

Impact

An attacker who can supply an archive that is extracted with a vulnerable Archive::Tar can cause files outside the extraction directory to be overwritten through the extracted hardlinks, and can have the archive's header permissions, ownership and timestamps applied to those files, leading to data loss or corruption. Two practical limits apply: a hardlink can only target a file on the same filesystem as the extraction directory, and on Linux systems with fs.protected_hardlinks=1 an unprivileged process cannot link to a file it does not own unless it already has read and write access to it. The impact is therefore greatest when the extraction runs as root or on a system without that protection.

Reproduction

The vulnerability can be reproduced by creating a tar archive that contains hardlink entries (typeflag '1') whose linkname field is attacker-controlled and either traverses out of the extraction directory with '..' segments or is an absolute path. When such an archive is extracted with a version of Archive::Tar prior to 3.08, the links are created without validation of the linkname, producing the file modification behaviour described above.
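The following is an added example, not code from this advisory or from Archive::Tar. It uses Python's standard tarfile module to build, in memory, an archive with hardlink entries of the kind described above (one traversing linkname, one absolute linkname and one legitimate link to another archive member), and then runs the linkname check that a hardened extractor should perform on each hardlink entry before calling link(). The extraction root "/tmp/extract" and all member names are constructed for illustration; nothing is written to disk.

```python
# Added example (not part of the advisory or of Archive::Tar): craft a tar
# archive with attacker-controlled hardlink linknames and audit them the way a
# safe extractor should before calling link(). Root and names are made up.
import io
import posixpath
import tarfile


def build_malicious_tar() -> bytes:
    """Return an in-memory tar archive with one regular file and three
    hardlink entries: two malicious (traversal, absolute) and one legitimate
    link to a member of the same archive. All content is constructed."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"constructed sample content\n"
        regular = tarfile.TarInfo("payload/readme.txt")
        regular.size = len(data)
        tar.addfile(regular, io.BytesIO(data))

        for name, linkname in (
            ("payload/passwd", "../../etc/passwd"),      # '..' traversal
            ("payload/shadow", "/etc/shadow"),           # absolute path
            ("payload/copy.txt", "payload/readme.txt"),  # legitimate
        ):
            link = tarfile.TarInfo(name)
            link.type = tarfile.LNKTYPE  # typeflag '1': hardlink entry
            link.linkname = linkname     # copied verbatim by a vulnerable extractor
            link.mode = 0o777            # header mode lands on the shared inode
            tar.addfile(link)
    return buf.getvalue()


def hardlink_target_is_safe(root: str, linkname: str) -> bool:
    """A tar hardlink's linkname names another archive member, so it is
    resolved relative to the extraction root (a symlink target, by contrast,
    is relative to the link's own directory). Reject empty or absolute
    linknames and any that normalise to a path outside root."""
    if not linkname or posixpath.isabs(linkname):
        return False
    root = posixpath.normpath(root)
    prefix = root if root.endswith("/") else root + "/"
    target = posixpath.normpath(posixpath.join(root, linkname))
    return target.startswith(prefix)


def audit_hardlinks(tar_bytes: bytes, root: str = "/tmp/extract") -> list:
    """Parse the archive headers without extracting anything and classify
    every hardlink entry as safe or unsafe for the given extraction root.
    Returns (member name, linkname, is_safe) tuples in archive order."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for member in tar.getmembers():
            if member.islnk():
                findings.append(
                    (member.name, member.linkname,
                     hardlink_target_is_safe(root, member.linkname))
                )
    return findings


if __name__ == "__main__":
    for name, linkname, safe in audit_hardlinks(build_malicious_tar()):
        print(f"{'OK    ' if safe else 'UNSAFE'} {name} -> {linkname}")
```

The path check above is the minimum a fixed extractor needs; it is not sufficient on its own. A linkname that stays inside the root can still name a symlink that an earlier member of the same archive placed there, so a robust extractor also resolves the on-disk target (for example with realpath) and confirms it lies under the root before calling link(). That general caveat applies to any tar extractor, not only to Archive::Tar.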

Remediation

Upgrade to Archive::Tar version 3.08 or later, where this issue has been addressed. Archive::Tar is also a core Perl module, so a system perl may still carry an older copy alongside a newer CPAN installation; confirm the version actually loaded by the program that performs the extraction. Until the upgrade is in place, avoid extracting untrusted archives with Archive::Tar as a privileged user, or reject hardlink entries in untrusted archives before extraction.

Added: May 26, 2026, 5:51 PM
Updated: May 26, 2026, 5:51 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 9.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.