Patch proposal to not apply symbolic links included in zip files.

Bug #1636207 reported by Gerard Wagener on 2016-10-24
This bug affects 1 person
Affects: unzip (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Zip files might include symbolic links which could be abused by an attacker to escape from restricted directories and/or from restricted environments. The attached patch includes a command line option -g which does not apply the symbolic links when the zip file is extracted. In case a zip file includes a symbolic link, a file is created instead, containing the target of the symbolic link.

Gerard Wagener (haegardev) wrote :

The attachment "do_not_apply_symlinks.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch