New submission from Gregory P. Smith: Create a malicious .tar file with entries containing absolute or relative paths and the tarfile module happily uses them as is without sanity checking.
Filed in response to http://bugs.python.org/issue6972, which fixed the zipfile module for this. I'm attaching an example tar file to demonstrate this (safely), but much worse things could obviously be done.

----------
files: absolute_path.tar
messages: 181133
nosy: gregory.p.smith
priority: high
severity: normal
status: open
title: tarfile extract can write files outside the destination path
type: security
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4
Added file: http://bugs.python.org/file28931/absolute_path.tar

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17102>
_______________________________________
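The defensive counterpart to the report above, as an added example that is not part of the tracker message or CPython itself: a pre-extraction check that walks every member of an archive and refuses to extract if any name or link target would resolve outside the destination directory. The archive it inspects is constructed in memory here (it is not the attached `absolute_path.tar`); the function names `unsafe_members`, `safe_extractall`, `build_sample_archive` and `check_sample` are this example's own.

```python
import io
import os
import tarfile
import tempfile


def _within(directory: str, target: str) -> bool:
    """True when the normalized `target` is `directory` or lies beneath it."""
    directory = os.path.abspath(directory)
    target = os.path.abspath(target)
    return os.path.commonpath([directory, target]) == directory


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members whose extraction would touch a path outside `dest`.

    Flags absolute names, names with enough '..' components to escape, and
    hard or symbolic links whose targets resolve outside the destination.
    """
    bad = []
    for m in tar.getmembers():
        # os.path.join() discards `dest` entirely when m.name is absolute,
        # which is exactly the case the containment check must catch.
        target = os.path.join(dest, m.name)
        if not _within(dest, target):
            bad.append(m.name)
            continue
        if m.issym():
            if os.path.isabs(m.linkname):
                bad.append(m.name)
                continue
            # A symlink target is resolved relative to the link's own directory.
            link_target = os.path.join(os.path.dirname(target), m.linkname)
            if not _within(dest, link_target):
                bad.append(m.name)
        elif m.islnk():
            # A hard-link target is an archive-relative member name.
            if not _within(dest, os.path.join(dest, m.linkname)):
                bad.append(m.name)
    return bad


def safe_extractall(tar: tarfile.TarFile, dest: str) -> int:
    """Extract only if every member stays under `dest`; returns member count."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError("refusing to extract; unsafe member paths: %r" % bad)
    tar.extractall(dest)
    return len(tar.getmembers())


def build_sample_archive(include_bad: bool) -> bytes:
    """Constructed in-memory tar (sample data, not the tracker's attachment)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", **fields):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            for key, value in fields.items():
                setattr(info, key, value)
            tar.addfile(info, io.BytesIO(data) if data else None)

        add("good/file.txt", b"hello\n")
        if include_bad:
            add("/tmp/absolute.txt", b"x")   # absolute member name
            add("../escape.txt", b"x")       # parent-directory traversal
            add("good/link", type=tarfile.SYMTYPE, linkname="../../outside")
    return buf.getvalue()


def check_sample(dest: str) -> dict:
    """Run both archives against `dest` and report what the check decided."""
    clean = tarfile.open(fileobj=io.BytesIO(build_sample_archive(False)), mode="r")
    hostile = tarfile.open(fileobj=io.BytesIO(build_sample_archive(True)), mode="r")
    result = {"flagged": unsafe_members(hostile, dest)}
    result["clean_extracted"] = safe_extractall(clean, dest)
    try:
        safe_extractall(hostile, dest)
        result["hostile_refused"] = False
    except ValueError:
        result["hostile_refused"] = True
    result["file_present"] = os.path.exists(os.path.join(dest, "good", "file.txt"))
    return result


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        print(check_sample(scratch))
```

Containment is decided on the normalized absolute path rather than by string-prefix matching, so `dest/../x` and a bare `/etc/x` are both caught, and link members are checked separately because a symlink pointing outside the tree lets later members be written through it. Python 3.12 added `filter="data"` to `TarFile.extractall()` and `extract()`, which performs this class of checks inside the library; on those versions prefer it to a hand-rolled check.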