[New-bugs-announce] [issue1044] tarfile insecure pathname extraction

Lars Gustäbel report at bugs.python.org
Tue Aug 28 12:09:24 CEST 2007

New submission from Lars Gustäbel:

tarfile does not check pathnames or linknames on extraction. This can
lead to data loss or attack scenarios when members with absolute
pathnames or pathnames outside of the archive's scope overwrite or
overlay existing files or directories.

Example for a symlink attack against /etc/passwd:

foo -> /etc

assignee: lars.gustaebel
components: Library (Lib)
files: insecure_pathnames.diff
keywords: patch
messages: 55361
nosy: lars.gustaebel, matejcik
priority: normal
severity: normal
status: open
title: tarfile insecure pathname extraction
type: security
versions: Python 2.6

Tracker <report at bugs.python.org>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: insecure_pathnames.diff
Url: http://mail.python.org/pipermail/new-bugs-announce/attachments/20070828/e4895b3c/attachment.txt 

More information about the New-bugs-announce mailing list