Larry Hastings added the comment:

Thank you Lars for your thorough reply.

While I agree that this isn't a release blocker, as it was clearly designed to behave this way... it seems to me that it wouldn't take much to make the tarfile module a lot safer. Specifically:

* Don't allow creating files whose absolute path is not under the destination.
* Don't allow creating links (hard or soft) which link to a path outside of the destination.
* Don't create device nodes.

This would fix your listed attacks 1-6. The remaining attacks you cite are denial-of-service attacks; while they're undesirable, they shouldn't compromise the security of the machine. (I suppose we could even address those, adding "reasonable" quotas for disk space and number of files.)

I doubt that would make tarfile secure. But maybe "practicality beats purity"?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21109>
_______________________________________
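The three checks proposed in the comment above, written as a pre-extraction audit. This is an added example, not part of the original message or of the tarfile module; the helper names (`inside`, `unsafe_reason`, `audit`, `build_sample`), the destination path and the sample archive are all constructed for illustration.

```python
import io
import os
import tarfile

def inside(dest, path):
    """True if path, once resolved, is dest itself or lies beneath it."""
    dest = os.path.realpath(dest)
    return os.path.commonpath([dest, os.path.realpath(path)]) == dest

def unsafe_reason(member, dest):
    """Return why a TarInfo breaks one of the three rules, or None if it passes."""
    if member.ischr() or member.isblk():
        return "device node"
    # os.path.join discards dest when the name is absolute, so "/abs/..." fails here too.
    if not inside(dest, os.path.join(dest, member.name)):
        return "path outside destination"
    if member.issym() or member.islnk():
        # Symlink targets resolve from the link's own directory,
        # hard link targets from the archive root.
        base = os.path.dirname(member.name) if member.issym() else ""
        if not inside(dest, os.path.join(dest, base, member.linkname)):
            return "link outside destination"
    return None

def audit(data, dest):
    """Map each member name in the tar bytes to its rejection reason (None = allowed)."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        return {m.name: unsafe_reason(m, dest) for m in tar.getmembers()}

def build_sample():
    """Constructed archive of (name, type, linkname) entries, built in memory only."""
    entries = [
        ("docs/readme.txt", tarfile.REGTYPE, ""),
        ("../escape.txt", tarfile.REGTYPE, ""),
        ("/abs/file.txt", tarfile.REGTYPE, ""),
        ("docs/ok-link", tarfile.SYMTYPE, "readme.txt"),
        ("docs/bad-link", tarfile.SYMTYPE, "../../outside"),
        ("hard-link", tarfile.LNKTYPE, "/abs/file.txt"),
        ("dev-node", tarfile.CHRTYPE, ""),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link in entries:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tar.addfile(info)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit(build_sample(), "/tmp/extract-here"))
```

The audit inspects member metadata only; the quota idea for the denial-of-service cases is not covered.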