This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2007年08月28日 10:09 by lars.gustaebel, last changed 2022年04月11日 14:56 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| insecure_pathnames.diff | lars.gustaebel, 2007年08月28日 10:09 | |||
| Messages (6) | |||
|---|---|---|---|
| msg55361 - (view) | Author: Lars Gustäbel (lars.gustaebel) * (Python committer) | Date: 2007年08月28日 10:09 | |
tarfile does not check pathnames or linknames on extraction. This can lead to data loss or attack scenarios when members with absolute pathnames or pathnames outside of the archive's scope overwrite or overlay existing files or directories. Example for a symlink attack against /etc/passwd: foo -> /etc foo/passwd |
|||
| msg55362 - (view) | Author: jan matejek (matejcik) * | Date: 2007年08月28日 10:22 | |
no change to extract() ? otherwise looks good to me. if you don't object, i am applying this to SUSE's python 2.5 |
|||
| msg55365 - (view) | Author: Lars Gustäbel (lars.gustaebel) * (Python committer) | Date: 2007年08月28日 10:45 | |
In principle I do not object, but this is a preliminary patch. I am still not happy with the naming of the "check_paths" argument. Also, the patch was made against the trunk which means that it contains hunks with the new reStructuredText documentation. Please be patient. I do not change extract() because it has become more and more a low-level method over the years, that makes promises it cannot keep and should not be used at all. I try to discourage its use in the documentation. |
|||
| msg55464 - (view) | Author: Lars Gustäbel (lars.gustaebel) * (Python committer) | Date: 2007年08月30日 08:03 | |
After careful consideration and a private discussion with Martin I do no longer think that we have a security issue here. tarfile.py does nothing wrong, its behaviour conforms to the pax definition and pathname resolution guidelines in POSIX. There is no known or possible practical exploit. I update the documentation with a warning, that it might be dangerous to extract archives from untrusted sources. That is the only thing to be done IMO. |
|||
| msg55489 - (view) | Author: jan matejek (matejcik) * | Date: 2007年08月30日 16:23 | |
if that can be considered "official stance", it's fine by me. feel free to close the bug. |
|||
| msg55509 - (view) | Author: Lars Gustäbel (lars.gustaebel) * (Python committer) | Date: 2007年08月30日 20:28 | |
I updated the documentation, r57764 (trunk) and r57765 (2.5). |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:56:26 | admin | set | github: 45385 |
| 2018年08月27日 18:45:41 | taleinat | set | messages: - msg324192 |
| 2018年08月27日 18:45:09 | taleinat | set | nosy:
+ taleinat messages: + msg324192 |
| 2010年04月01日 11:05:53 | doko | set | nosy:
+ doko |
| 2007年08月30日 20:28:31 | lars.gustaebel | set | status: open -> closed resolution: works for me messages: + msg55509 |
| 2007年08月30日 16:23:50 | matejcik | set | messages: + msg55489 |
| 2007年08月30日 08:03:25 | lars.gustaebel | set | type: security -> behavior messages: + msg55464 |
| 2007年08月28日 10:45:21 | lars.gustaebel | set | messages: + msg55365 |
| 2007年08月28日 10:22:34 | matejcik | set | messages: + msg55362 |
| 2007年08月28日 10:09:24 | lars.gustaebel | create | |