Author jwilk
Recipients docs@python, jwilk
Date 2014-02-23.21:13:37
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1393190017.96.0.0939250007559.issue20749@psf.upfronthosting.co.za>
In-reply-to
Content
shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented.

Please add a security warning to shutil.unpack_archive() documentation.
History
Date User Action Args
2014-02-23 21:13:37jwilksetrecipients: + jwilk, docs@python
2014-02-23 21:13:37jwilksetmessageid: <1393190017.96.0.0939250007559.issue20749@psf.upfronthosting.co.za>
2014-02-23 21:13:37jwilklinkissue20749 messages
2014-02-23 21:13:37jwilkcreate