[New-bugs-announce] [issue1044] tarfile insecure pathname extraction

Lars Gustäbel report at bugs.python.org
Tue Aug 28 12:09:24 CEST 2007


New submission from Lars Gustäbel:

tarfile does not check pathnames or linknames on extraction. This can
lead to data loss or attack scenarios when members with absolute
pathnames or pathnames outside of the archive's scope overwrite or
overlay existing files or directories.

Example of a symlink attack against /etc/passwd:

foo -> /etc
foo/passwd

----------
assignee: lars.gustaebel
components: Library (Lib)
files: insecure_pathnames.diff
keywords: patch
messages: 55361
nosy: lars.gustaebel, matejcik
priority: normal
severity: normal
status: open
title: tarfile insecure pathname extraction
type: security
versions: Python 2.6

__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue1044>
__________________________________
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: insecure_pathnames.diff
Url: http://mail.python.org/pipermail/new-bugs-announce/attachments/20070828/e4895b3c/attachment.txt 
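The two-member trick in the report (a symlink `foo -> /etc` followed by a regular file `foo/passwd`) is only caught if the check remembers symlinks declared earlier in the archive and resolves later member names through them. The following is an added example, not the patch attached to this report and not code from the Python project: a pre-extraction audit that flags members whose name, symlink target or hard-link target would land outside the destination directory, treating archive names as POSIX paths the way tarfile does. The archives it inspects are constructed in memory for the demonstration. Modern Python (3.12 and later) ships the equivalent mitigation as `extractall(path, filter="data")`; the audit below shows what such a filter has to track.

```python
import io
import posixpath
import tarfile

MAX_LINK_HOPS = 40  # stop on symlink loops declared inside the archive


def _escapes(path):
    """True if a normalized, destination-relative path leaves the destination."""
    return posixpath.isabs(path) or path == ".." or path.startswith("../")


def _resolve(path, links):
    """Walk `path` component by component, substituting every prefix that an
    earlier member declared as a symlink. Returns a normalized path relative
    to the destination, or an absolute path if a link pointed outside it."""
    cur = "/" if posixpath.isabs(path) else ""
    for part in path.split("/"):
        if part in ("", "."):
            continue
        cur = posixpath.normpath(posixpath.join(cur, part))
        hops = 0
        while cur in links:  # follow chained links recorded from the archive
            target = links[cur]
            if posixpath.isabs(target):
                cur = posixpath.normpath(target)
            else:
                cur = posixpath.normpath(posixpath.join(posixpath.dirname(cur), target))
            hops += 1
            if hops > MAX_LINK_HOPS:
                raise ValueError("symlink loop while resolving %r" % path)
    return cur


def _member_problem(m, links):
    """Return a reason string if member `m` would escape the destination, else None.
    Symlinks are recorded in `links` so later members are resolved through them."""
    name = m.name
    if posixpath.isabs(name):
        return "absolute pathname"
    resolved = _resolve(name, links)
    if _escapes(resolved):
        return "resolves to %s outside destination" % resolved
    if m.issym():
        links[posixpath.normpath(name)] = m.linkname
        target = m.linkname
        if not posixpath.isabs(target):  # relative targets are relative to the link's directory
            target = posixpath.join(posixpath.dirname(name), target)
        if _escapes(_resolve(target, links)):
            return "symlink target %r outside destination" % m.linkname
    elif m.islnk():  # hard-link targets are archive-relative paths
        if _escapes(_resolve(m.linkname, links)):
            return "hardlink target %r outside destination" % m.linkname
    return None


def audit_members(tar):
    """Return [(member name, reason)] for every unsafe member; [] means the archive passed."""
    findings = []
    links = {}  # normalized archive path -> declared symlink target
    for m in tar:
        try:
            reason = _member_problem(m, links)
        except ValueError as e:
            reason = str(e)
        if reason:
            findings.append((m.name, reason))
    return findings


def audit_bytes(data):
    """Audit an uncompressed tar archive held in memory."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        return audit_members(tar)


def build_archive(entries):
    """Constructed sample data: build a tar in memory from (name, kind, payload)
    tuples, kind being "file" (payload = content), "sym" or "hard" (payload = target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type = tarfile.SYMTYPE if kind == "sym" else tarfile.LNKTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


# Constructed samples: the case from the report, two plain escapes, a relative
# link followed through, and a benign archive that must pass.
REPORT_CASE = [("foo", "sym", "/etc"), ("foo/passwd", "file", "overwritten\n")]
ABSOLUTE_CASE = [("/tmp/evil", "file", "x")]
TRAVERSAL_CASE = [("../outside", "file", "x")]
RELATIVE_LINK_CASE = [("up", "sym", ".."), ("up/x", "file", "x")]
BENIGN_CASE = [("pkg/README", "file", "hello\n"),
               ("pkg/link", "sym", "README"),
               ("pkg/copy", "hard", "pkg/README")]

if __name__ == "__main__":
    for label, case in [("report", REPORT_CASE), ("benign", BENIGN_CASE)]:
        print(label, audit_bytes(build_archive(case)))
```

The audit runs over the member list only and touches no files, so it can sit in front of any extraction routine: refuse the whole archive on a non-empty result rather than skipping individual members, because a later member may depend on a link the audit has already rejected.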

