New submission from Michael Brown:

python 2.5.1 tarfile.py line 1516 in extractall() sets directories created to world-writeable while extracting, which means an attacker can change/modify files before perms are fixed. Suggest 770 while extracting to fix.

----------
components: Library (Lib)
messages: 62016
nosy: mebrown
severity: major
status: open
title: tarfile extractall() allows local attacker to overwrite files while extracting
type: security
versions: Python 2.5

__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2004>
__________________________________
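The mitigation suggested in the report, as an added example (not part of the original message and not code from tarfile.py): directories are held at a mode with no "other" bits while files are written, and the archived modes are applied only at the end, children before parents. The names `extract_private` and `build_sample_tar` and the sample archive are constructed for illustration; POSIX permissions are assumed, and only directories and regular files are handled.

```python
import io, os, shutil, stat, tarfile, tempfile

def extract_private(tar, dest, interim_mode=0o770):
    """Extract directories and regular files from an open TarFile.

    Directories stay at interim_mode (770 as the report suggests, so no
    world bits) while content is written; archived modes are applied
    last, deepest path first. Other member types are skipped.
    Returns {dir path: (interim mode observed, final mode)}.
    """
    dest = os.path.realpath(dest)
    pending = {}
    for member in tar:
        target = os.path.realpath(os.path.join(dest, member.name))
        if os.path.commonpath([dest, target]) != dest:
            raise ValueError("member escapes destination: %r" % member.name)
        if member.isdir():
            os.makedirs(target, mode=interim_mode, exist_ok=True)
            os.chmod(target, interim_mode)  # makedirs mode is cut by umask
            pending[target] = (stat.S_IMODE(os.stat(target).st_mode),
                               member.mode & 0o777)
        elif member.isreg():
            os.makedirs(os.path.dirname(target), mode=interim_mode, exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
            os.chmod(target, member.mode & 0o777)
    for target in sorted(pending, reverse=True):  # children before parents
        os.chmod(target, pending[target][1])
    return pending

def build_sample_tar():
    """Constructed sample: read-only directory 'pkg' holding one file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        d = tarfile.TarInfo("pkg")
        d.type = tarfile.DIRTYPE
        d.mode = 0o555
        tar.addfile(d)
        f = tarfile.TarInfo("pkg/setup.cfg")
        f.size = 5
        f.mode = 0o644
        tar.addfile(f, io.BytesIO(b"[x]\n\n"))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    dest = tempfile.mkdtemp()
    with tarfile.open(fileobj=build_sample_tar()) as tar:
        for path, (interim, final) in extract_private(tar, dest).items():
            print(path, oct(interim), "->", oct(final))
            os.chmod(path, 0o700)  # restore owner write so cleanup works
    shutil.rmtree(dest)
```

The sample directory is archived as 0555 to show why an interim mode is needed at all: the owner must be able to write into it until its contents are in place.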