
Author gregory.p.smith
Recipients eric.araujo, gregory.p.smith, leveryd
Date 2021-05-08.03:14:08
Message-id <1620443649.95.0.346764753546.issue44023@roundup.psfhosted.org>
Content
TL;DR - A tar file being extracted doesn't check to see if it is overwriting an existing file, which could be a symlink to elsewhere, leading to elsewhere's contents being clobbered, assuming the elsewhere file exists.

Doing an unlink before opening the destination file (ignoring either success or FileNotFound) during extract would avoid this _specific_ case.

But tarfile is already documented with a warning about untrusted inputs being able to do bad things:

https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

Fixing this one serialized case doesn't do anything about other cases or race conditions we won't claim protection against, so I'm not sure this issue is serious from a stdlib perspective.
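The mitigation sketched in the message above (unlink the destination path before the extractor opens it for writing, ignoring FileNotFoundError) as an added, self-contained example; this is not code from CPython or from the issue. The helper `extract_without_following_links` and the constructed sample archive are assumptions for illustration. The demo sets up a pre-existing symlink at the extraction path, extracts a regular-file member with the same name, and shows that the symlink's target is left untouched. It also adds a simple containment check on member paths, which the message does not discuss, and skips link, device and fifo members entirely, so it is a narrower extractor than `TarFile.extractall`.

```python
import io
import os
import tarfile
import tempfile


def build_archive(path, name, data):
    """Constructed sample archive: one regular-file member `name` holding `data`."""
    with tarfile.open(path, "w") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))


def _unlink_if_present(path):
    # The message's suggestion: remove whatever is at the path, and treat
    # "nothing was there" as success.
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass


def extract_without_following_links(archive, dest):
    """Extract regular files and directories from `archive` into `dest`.

    A regular-file member's destination path is unlinked before extraction, so
    that a symlink already sitting at that path is not followed by the open()
    for writing. Hypothetical helper, not part of the tarfile API.
    """
    dest = os.path.realpath(dest)
    extracted = []
    with tarfile.open(archive, "r") as tar:
        for member in tar:
            if not (member.isfile() or member.isdir()):
                # Links, devices, fifos: out of scope for this example.
                continue
            target = os.path.normpath(os.path.join(dest, member.name))
            # Reject member names that would land outside dest (e.g. "../x").
            if os.path.commonpath([dest, target]) != dest:
                raise ValueError(f"member escapes destination: {member.name}")
            if member.isfile():
                # Pre-existing symlink (or file) at the destination is removed
                # first, so the write creates a fresh regular file instead.
                _unlink_if_present(target)
            tar.extract(member, dest)
            extracted.append(member.name)
    return extracted


def demo():
    """Constructed scenario: dest/target.txt is a symlink to elsewhere.txt."""
    with tempfile.TemporaryDirectory() as tmp:
        elsewhere = os.path.join(tmp, "elsewhere.txt")
        with open(elsewhere, "w") as f:
            f.write("original")
        dest = os.path.join(tmp, "dest")
        os.mkdir(dest)
        link_path = os.path.join(dest, "target.txt")
        os.symlink(elsewhere, link_path)

        archive = os.path.join(tmp, "sample.tar")
        build_archive(archive, "target.txt", b"from archive")

        extracted = extract_without_following_links(archive, dest)
        with open(elsewhere) as f:
            elsewhere_after = f.read()
        with open(link_path) as f:
            target_after = f.read()
        return {
            "extracted": extracted,
            "elsewhere": elsewhere_after,        # stays "original"
            "target": target_after,              # now "from archive"
            "target_is_symlink": os.path.islink(link_path),  # False after extraction
        }


if __name__ == "__main__":
    print(demo())
```

Without the unlink step, an extractor that simply opens `dest/target.txt` for writing would follow the symlink and overwrite `elsewhere.txt`; with it, the symlink is replaced by a regular file. As the message notes, this addresses only the serialized case: a path that is swapped for a symlink between the unlink and the open is still a race this approach does not protect against.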
History
Date                | User            | Action | Args
2021-05-08 03:14:10 | gregory.p.smith | set    | recipients: + gregory.p.smith, eric.araujo, leveryd
2021-05-08 03:14:09 | gregory.p.smith | set    | messageid: <1620443649.95.0.346764753546.issue44023@roundup.psfhosted.org>
2021-05-08 03:14:09 | gregory.p.smith | link   | issue44023 messages
2021-05-08 03:14:08 | gregory.p.smith | create |