Don't allow absolute paths when extracting tarballs
Bug #1030794 reported by
Jonathan Lange
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pkgme service |
Fix Released
|
Medium
|
Jonathan Lange |
Bug Description
>> IOError: [Errno 13] Permission denied: '/usr/local/
> We probably want to constrain the file to relative paths only, either by
> turning absolute paths in to relative ones, or outright rejecting
> absolute paths.
>
> In this case it failed, but you could choose to overwrite something that
> the user could write to, and that could be bad.
>
Changed in pkgme-service: | |
status: | New → Fix Released |
importance: | Undecided → Medium |
assignee: | nobody → Jonathan Lange (jml) |
To post a comment you must log in.