#2436 Squashfs error: dangerous symbolic link path was ignored

[Sam Tansy]

Made a squashfs with mksquashfs and trying to unpack it with 7zip one of the symlinks was not created with following error:

$ 7zz x -oo jre1.6.0_20.sqsh
ERROR: Dangerous symbolic link path was ignored : opt/java/jre1.6.0_20/lib/i386/client/libjsig.so : ../libjsig.so
ERROR: Dangerous symbolic link path was ignored : opt/java/jre1.6.0_20/lib/i386/server/libjsig.so : ../libjsig.so

Unsquashfs had no problem with it; p7zip-17.04 did unpack it in it's own, not very good, manner but without an error. Also test (7z t jre1.6.0_20.sqsh) shown no errors, nor warnings.

[aONe]

Use the -snld flag.

[Sam Tansy]

Thanks.
I wonder what is so dangerous in this kind of symlink (../libjsig.so).

[Igor Pavlov]

"go to parent" links can be dangerous, because they can go to folder that is not expected by user that extracts archive to some specified folder.
And we want some safe isolation of extracted folders from another folders.

There are some possible complex attacks with multiple link files where each link points to parent level.
So we try to be more safe for link extracting.