Message215658
Thank you Lars for your thorough reply.
While I agree that this isn't a release blocker, as it was clearly designed to behave this way... it seems to me that it wouldn't take much to make the tarfile module a lot safer. Specifically:
* Don't allow creating files whose absolute path is not under the destination.
* Don't allow creating links (hard or soft) which link to a path outside of the destination.
* Don't create device nodes.
This would fix your listed attacks 1-6. The remaining attacks you cite are denial-of-service attacks; while they're undesirable, they shouldn't compromise the security of the machine. (I suppose we could even address those, adding "reasonable" quotas for disk space and number of files.)
I doubt that would make tarfile secure. But maybe "practicality beats purity"?

| Date | User | Action | Args |
|---|---|---|---|
| 2014-04-06 14:51:56 | larry | set | recipients: + larry, georg.brandl, lars.gustaebel, vstinner, christian.heimes, benjamin.peterson, ned.deily, r.david.murray, serhiy.storchaka, Daniel.Garcia |
| 2014-04-06 14:51:56 | larry | set | messageid: <1396795916.82.0.218573630706.issue21109@psf.upfronthosting.co.za> |
| 2014-04-06 14:51:56 | larry | link | issue21109 messages |
| 2014-04-06 14:51:56 | larry | create | |
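The three rules proposed in the message, as an added Python example that is not code from this issue or from CPython: it audits every member of an archive against a destination directory and reports which ones would be rejected, without extracting anything. It assumes a destination of `/tmp/extract` and a constructed in-memory archive, and its containment checks are purely lexical, so a symlink extracted earlier in the same archive and traversed by a later member is outside its scope (the extraction filters added to tarfile in Python 3.12 cover that case).

```python
import io
import posixpath
import tarfile


class UnsafeMember(Exception):
    """Raised for an archive member that must not be extracted."""


def _inside(dest: str, path: str) -> bool:
    # Lexical containment: normalise the joined path, then require dest as prefix.
    dest = posixpath.normpath(dest)
    full = posixpath.normpath(posixpath.join(dest, path))
    return full == dest or full.startswith(dest + "/")


def check_member(member: tarfile.TarInfo, dest: str) -> None:
    """Apply the three rules: no escape by path, no escaping links, no device nodes."""
    if not _inside(dest, member.name):
        raise UnsafeMember(f"{member.name!r}: path escapes {dest!r}")
    if member.ischr() or member.isblk():
        raise UnsafeMember(f"{member.name!r}: device node")
    if member.issym():
        # A symlink target is resolved relative to the link's own directory.
        target = posixpath.join(posixpath.dirname(member.name), member.linkname)
        if not _inside(dest, target):
            raise UnsafeMember(f"{member.name!r}: symlink to {member.linkname!r} escapes")
    if member.islnk() and not _inside(dest, member.linkname):
        raise UnsafeMember(f"{member.name!r}: hard link to {member.linkname!r} escapes")


def audit_archive(data: bytes, dest: str) -> dict:
    """Return {member name: 'ok' or rejection reason}; nothing is written to disk."""
    verdicts = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        for member in tar:
            try:
                check_member(member, dest)
                verdicts[member.name] = "ok"
            except UnsafeMember as exc:
                verdicts[member.name] = str(exc)
    return verdicts


def build_sample_archive() -> bytes:
    """Constructed in-memory archive: one benign member and four that break a rule."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", **attrs):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            for key, value in attrs.items():
                setattr(ti, key, value)
            tar.addfile(ti, io.BytesIO(data) if data else None)
        add("good.txt", b"hello\n")                      # stays under dest
        add("../escape.txt", b"x\n")                     # parent-directory traversal
        add("/abs.txt", b"x\n")                          # absolute path
        add("sub/link", type=tarfile.SYMTYPE, linkname="../../outside")
        add("dev/sda", type=tarfile.BLKTYPE, devmajor=8, devminor=0)
    return buf.getvalue()
```

Running `audit_archive(build_sample_archive(), "/tmp/extract")` marks only `good.txt` as "ok"; the other four verdicts name the rule each member violates.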