Author jwilk
Recipients docs@python, jwilk
Date 2014-02-23.21:13:37
Message-id <1393190017.96.0.0939250007559.issue20749@psf.upfronthosting.co.za>
Content
shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented.

Please add a security warning to shutil.unpack_archive() documentation.
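
An added example, not part of the original report or of CPython: a pre-extraction check for the risk the report describes, rejecting tar members that would resolve outside the destination directory or that are links or special files. The helper names and the sample archive are constructed for illustration, and POSIX paths are assumed.

```python
import io
import os
import tarfile


def build_sample_tar(path):
    """Write a constructed test archive: one ordinary member, two unsafe ones."""
    with tarfile.open(path, "w") as tar:
        for name in ("docs/readme.txt", "../outside.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)


def rejected_members(archive, dest):
    """Return the names of members that must not be extracted into dest."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(archive) as tar:
        for m in tar.getmembers():
            # An absolute member name replaces root in os.path.join, so it
            # resolves outside the destination and is caught below.
            target = os.path.realpath(os.path.join(root, m.name))
            inside = os.path.commonpath([root, target]) == root
            # Only plain files and directories are allowed; links and
            # device nodes can redirect later writes outside dest.
            if not inside or not (m.isreg() or m.isdir()):
                bad.append(m.name)
    return bad


def checked_unpack(archive, dest):
    """Extract only if every member passes the check; otherwise refuse."""
    bad = rejected_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to unpack, unsafe members: {bad}")
    with tarfile.open(archive) as tar:
        tar.extractall(dest)
```

On Python 3.12 and later, `tarfile.extractall()` and `shutil.unpack_archive()` also accept a `filter` argument (PEP 706); `filter="data"` applies comparable checks inside the standard library.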