Extracted archives could create symlinks which point anywhere on the file system, potentially resulting in a directory traversal attack if subsequent extraction utilties blindly follow these symlinks. More generically, Binwalk makes use of many third-party extraction utilties which may have unpatched security issues. This branch addresses these issues by:
Sanitizing symlinks that point outside of the extraction directory by changing the symlink target to os.devnull. A warning is displayed to the end user, which includes the path to the offending symlink as well as the original symlink target. Symlink sanitization can be disabled by the end user if desired.
Providing a --run-as command line option, which specifies a user account to run third-party extraction utilities under (requires Binwalk itself to be run as root).
Refusing to perform extraction as root unless --run-as=root is specified.
Adding a notice in the README pertaining to these issues and changes.
Adding an explicit test for relative and absolute symlink directory traversal attempts.
Extracted archives could create symlinks which point anywhere on the file system, potentially resulting in a directory traversal attack if subsequent extraction utilties blindly follow these symlinks. More generically, Binwalk makes use of many third-party extraction utilties which may have unpatched security issues. This branch addresses these issues by:
--run-ascommand line option, which specifies a user account to run third-party extraction utilities under (requires Binwalk itself to be run as root).--run-as=rootis specified.