Message181133
Create a malicious .tar file with entries containing absolute or relative paths and the tarfile module happily uses them as is without sanity checking.
filed in response to http://bugs.python.org/issue6972 which fixed the zipfile module for this.
I'm attaching an example tar file to demonstrate this (safely) but much worse things could obviously be done. |
|
Date |
User |
Action |
Args |
2013-02-02 06:02:27 | gregory.p.smith | set | recipients:
+ gregory.p.smith |
2013-02-02 06:02:27 | gregory.p.smith | set | messageid: <1359784947.71.0.187572651427.issue17102@psf.upfronthosting.co.za> |
2013-02-02 06:02:27 | gregory.p.smith | link | issue17102 messages |
2013-02-02 06:02:26 | gregory.p.smith | create | |
|