Don't allow absolute paths when extracting tarballs

Bug #1030794 reported by Jonathan Lange
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pkgme service
Fix Released
Medium
Jonathan Lange

Bug Description

>> IOError: [Errno 13] Permission denied: '/usr/local/bin/p4d': 1>
> We probably want to constrain the file to relative paths only, either by
> turning absolute paths in to relative ones, or outright rejecting
> absolute paths.
>
> In this case it failed, but you could choose to overwrite something that
> the user could write to, and that could be bad.
>

Jonathan Lange (jml)
Changed in pkgme-service:
status: New → Fix Released
importance: Undecided → Medium
assignee: nobody → Jonathan Lange (jml)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.