Issue with tar command

Latest response

I am receiving below error in RHEL 6 server

tar -cpf /apps/new_062514.tar *
tar: You may not specify more than one -Acdtrux' or--test-label' option
Try tar --help' ortar --usage' for more information.

Can someone please help?

Responses

First guess would be that someone has aliased tar.

Type 'alias tar' and see what you get back.

Also, try 'which tar' to make sure you are executing the tar binary and not a script in your path.

NO Alias set for tar. which tar point the correct one..

/bin/tar

Maybe one of the files begins with '-' ?

If so, you could work around it using the command:
tar -cpf /apps/new_062514.tar -- *

Thanks for the response.

I figured out the isse. There was a weird file name. -rw-r-r-
I removed that file and it worked.

Thanks Mikey :-) the issue was the same. :-)

Thanks for helping out Mike !

There's numerous ways to do this, I have a perl script that will rename or remove illegal file names. The method below is certainly not the only method and there are more elegant methods to drop a strange file name...

That being said, here's something I did today for an odd named file...
- Look for the file by inode

ls -li
<look for output of file with illegal name>
883566327 -rw------- 1 jack sales 15 Jun 30 12:50 <some file with illegal characters here>

Use the find command to see if it traps it with the inode...

find /path/to/directory/of/bad/file/ -type f -inum 883566327 -print
/path/to/directory/of/bad/file/<file with illegal characters>

test to see if echo returns what was expected with a find/exec (good to be careful on a production server)

find /path/to/directory/of/bad/file/ -type f -inum 883566327 -print -exec /bin/echo /bin/rm {} \;
## OUTPUT ## /bin/rm <illegal file name with path you defined>
  • Drop the '/bin/echo' after the test to remove it
find /path/to/directory/of/bad/file/ -type f -inum 883566327 -print -exec /bin/rm {} \;

Repeat the initial find command and nothing should return

I think this was a great catch by Mike!, deserves kudos.

This whitepaper discusses the same issue and how it can be exploited. It's coincidental that it was only released about a month ago.
http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

Indeed (nice catch Mike)

I work with developers who purposefully use the most annoying collection of "illegal" characters (not '-rf' as a filename yet). They apparently do this to rack/stack visibility of files when these file systems are presented to windows. I did a find within their specific file system and ended up with a text file of results, that file was huge (understatement).

I have since found a Perl module I use (since about two years ago) to get past all the annoyances of file/dir names and so far it works. I made a script (I can share later if someone wishes), that has an example of that Perl module.

Thanks for posting that link Pixel

Pixel,
I've been reading that text file you mentioned. Of course admins need to first be aware of this and (again, first), take appropriate measures. Additionally, I believe it's high time this be properly addressed. Once in a while I and others have come across an oddly named file or directory that caused things to go wrong and have to deal with it. That article covers a number abuses that if purposefully used could potentially cause havoc.

Not sure where it will land, but I mentioned it to these folks at Red Hat. I noticed on a recent Ubuntu distro that they have included a warning with 'rm -rf' under certain conditions. Not a fix all and the problem is obviously more diverse.

  • Certainly there are things admins can do to avert this as well.

I think a shell option to ignore items starting with '-' when globbing would be a nice start, that would solve a large portion of these issues (but I am sure there a far more examples / edge cases people can provide).

Something like the 'dotglob' option that already exists.. eg. 'hyphenglob' to change the behaviour when set.

Good morning,

This has come up a few times over the years, and seems it has not received a CVE number and treated as a security issue as it is (unfortunately?) the expected behavior. A concern with changing it now is the legacy applications it may break.

I do not see any problems with filing some bugs regarding the warning message Ubuntu has and the globbing options (if you have not already) - the developers looking at the bugs will have good insights.

There is also additional discussion about this issue on reddit: http://www.reddit.com/r/netsec/comments/28uv68/exploiting_wildcard_expansion_on_linux/

--
Murray McAllister / Red Hat Product Security

The benefit of making it a shell option is that the default could retain the current behaviour and only when the option is set does it ignore the '-' prefix. this way legacy applications won't be impacted unless the user/admin explicitly sets the shell option. It can then at least be set by those who want to explicitly ignore "-files" in scripts etc.

I realise this likely needs to be solved upstream and impacts far more than just Red Hat.

Thanks for the /netsec discussion link.