[Python-checkins] r57765 - python/branches/release25-maint/Doc/lib/libtarfile.tex
lars.gustaebel
python-checkins at python.org
Thu Aug 30 22:25:14 CEST 2007
Author: lars.gustaebel
Date: Thu Aug 30 22:25:13 2007
New Revision: 57765
Modified:
python/branches/release25-maint/Doc/lib/libtarfile.tex
Log:
Warn about possible risks when extracting untrusted archives.
Modified: python/branches/release25-maint/Doc/lib/libtarfile.tex
==============================================================================
--- python/branches/release25-maint/Doc/lib/libtarfile.tex (original)
+++ python/branches/release25-maint/Doc/lib/libtarfile.tex Thu Aug 30 22:25:13 2007
@@ -207,6 +207,12 @@
problems: A directory's modification time is reset each time a file is
created in it. And, if a directory's permissions do not allow writing,
extracting files to it will fail.
+ \begin{notice}[warning]
+ Never extract archives from untrusted sources without prior inspection.
+ It is possible that files are created outside of \var{path}, e.g. members
+ that have absolute filenames starting with \code{"/"} or filenames with
+ two dots \code{".."}.
+ \end{notice}
\versionadded{2.5}
\end{methoddesc}
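Review bot: The phrase "filenames with two dots \code{".."}" in the new warning is imprecise, since a name such as "a..b" contains two dots but stays inside \var{path}. The risk is a ".." path component, so wording like "members whose names contain a \code{".."} component" would be clearer. The warning also asks for "prior inspection" without saying how to do it. A short pointer to listing the archive with getmembers() or getnames() and passing only vetted members through the members argument of extractall() would make the advice actionable. Because the list is introduced with "e.g.", it would help to say explicitly that these two cases are examples and not a complete check.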
@@ -221,6 +227,10 @@
archive there are some issues you must take care of yourself. See the
description for \method{extractall()} above.
\end{notice}
+
+ \begin{notice}[warning]
+ See the warning for \method{extractall()}.
+ \end{notice}
\end{methoddesc}
\begin{methoddesc}{extractfile}{member}
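Review bot: The added warning notice comes immediately after an existing notice that already ends with "See the description for \method{extractall()} above", so the entry for this method now has two consecutive notices that both only redirect the reader. Consider merging them into one notice at warning level, or stating the risk in a single sentence here (members with absolute names or ".." can be written outside the target directory) so that a reader who lands on this method first sees the hazard without following the cross-reference.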