This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author mebrown
Recipients mebrown
Date 2008-02-03.03:59:11
SpamBayes Score 0.19586785
Marked as misclassified No
Message-id <1202011153.73.0.0833904049778.issue2004@psf.upfronthosting.co.za>
In-reply-to
Content
python 2.5.1
tarfile.py line 1516 in extractall() 

sets directories created to world-writeable while extracting which means
an attacker can change/modify files before perms are fixed. Suggest 770
while extracting to fix.
History
Date User Action Args
2008-02-03 03:59:14mebrownsetspambayes_score: 0.195868 -> 0.19586785
recipients: + mebrown
2008-02-03 03:59:13mebrownsetspambayes_score: 0.195868 -> 0.195868
messageid: <1202011153.73.0.0833904049778.issue2004@psf.upfronthosting.co.za>
2008-02-03 03:59:12mebrownlinkissue2004 messages
2008-02-03 03:59:11mebrowncreate