Review Request 70142: Added ARCHIVE_EXTRACT_SECURE_NODOTDOT flag to archiver default.

Joseph Wu Wed, 06 Mar 2019 11:35:29 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70142/
-----------------------------------------------------------


Review request for mesos, Andrei Budnik, Gilbert Song, and Greg Mann.


Bugs: MESOS-9610
    https://issues.apache.org/jira/browse/MESOS-9610


Repository: mesos


Description
-------

This enables a security flag provided by libarchive, which disallows
extraction of archives that contain '..' in hardlinks or files.
Without this flag, it is possible to provide the archiver with
an archive and overwrite arbitrary files in the user's parent directory
or further up.


Diffs
-----

  3rdparty/stout/include/stout/archiver.hpp 
2447797ee05f48ab6d8b046d862aede8dec36bea 
  3rdparty/stout/tests/archiver_tests.cpp 
cdf24a5d9accb1082e8bf3809c865a92d93e63d8 


Diff: https://reviews.apache.org/r/70142/diff/1/


Testing
-------

```
cmake --build . --target stout-tests
3rdparty/stout/tests/stout-tests --gtest_filter="*Archiver*"
```


Thanks,

Joseph Wu

Review Request 70142: Added ARCHIVE_EXTRACT_SECURE_NODOTDOT flag to archiver default.

Reply via email to