| From | Lars Gustäbel <lars@gustaebel.de> |
|---|---|
| Newsgroups | comp.lang.python |
| Subject | Re: tarfile : secure extract? |
| Date | 2016-02-12 20:21 +0100 |
| Message-ID | <mailman.83.1455304896.22075.python-list@python.org> |
| References | <n9j56h$93n$1@news2.informatik.uni-stuttgart.de> |

On Thu, Feb 11, 2016 at 11:24:01PM +0000, Ulli Horlacher wrote:
> In https://docs.python.org/2/library/tarfile.html there is a warning:
>
>   Never extract archives from untrusted sources without prior inspection.
>   It is possible that files are created outside of path, e.g. members that
>   have absolute filenames starting with "/" or filenames with two dots
>   "..".
>
> My program has to extract tar archives from untrusted sources :-}

Read the discussion in this issue on why this might be a bad idea:

http://bugs.python.org/issue21109

-- 
Lars Gustäbel
lars@gustaebel.de
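
The "prior inspection" that the quoted documentation warning asks for, as an added example that is not part of the original post and not code from the tarfile module or its maintainers. The function names, the destination path, and the policy of refusing every link and special-file member are assumptions of this example; the archive is constructed in memory.

```python
import io
import os
import tarfile

def unsafe_members(tar, dest):
    """Return (name, reason) for each member that must not be extracted into dest."""
    root = os.path.realpath(dest)
    problems = []
    for m in tar.getmembers():
        # Resolve where the member would land if written below dest.
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.isabs(m.name) or m.name.startswith(("/", "\\")):
            problems.append((m.name, "absolute path"))
        elif os.path.commonpath([root, target]) != root:
            problems.append((m.name, "escapes destination"))
        elif m.issym() or m.islnk():
            # Assumed policy: refuse links outright, a later member could write through them.
            problems.append((m.name, "link member"))
        elif not (m.isreg() or m.isdir()):
            problems.append((m.name, "special file"))
    return problems

def build_sample():
    """Constructed archive: one benign file plus members of each rejected kind."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "/etc/cron.d/job", "../../outside.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    buf.seek(0)
    return buf

def check_sample(dest="/tmp/untrusted-extract"):
    """Inspect the constructed archive without extracting anything."""
    with tarfile.open(fileobj=build_sample(), mode="r") as tar:
        return unsafe_members(tar, dest)

if __name__ == "__main__":
    for name, reason in check_sample():
        print(f"refusing {name!r}: {reason}")
```

Extract only when the returned list is empty. Python 3.12 and later also accept `extractall(..., filter="data")`, which applies comparable checks at extraction time.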
tarfile : secure extract? Ulli Horlacher <framstag@rus.uni-stuttgart.de> - 2016-02-11 23:24 +0000
Re: tarfile : secure extract? Random832 <random832@fastmail.com> - 2016-02-12 11:01 -0500
Re: tarfile : secure extract? Ulli Horlacher <framstag@rus.uni-stuttgart.de> - 2016-02-12 19:43 +0000
Re: tarfile : secure extract? Lars Gustäbel <lars@gustaebel.de> - 2016-02-12 20:21 +0100