subject:"\[issue29788\] tarfile\: Add absolute_path option to tarfile, disabled by default"

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

2017-03-22 Thread Berker Peksag


Changes by Berker Peksag :


--
nosy: +berker.peksag

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

2017-03-10 Thread Martin Panter


Martin Panter added the comment:

The CLI was added in Issue 13477. I didn’t see any discussion of traversal 
attacks there, so maybe it was overlooked. Perhaps there should also be a 
warning, like with the Tarfile.extract and “extractall” methods.

However I did see one of the goals was to keep the CLI simple, which I agree 
with. I would suggest that the CLI get this proposed behaviour by default 
(matching the default behaviour of modern “tar” commands), with no option to 
restore the current less-robust behaviour.

To implement it, I suggest to fix the module internals first: Issue 21109 
and/or Issue 17102.

FWIW BSD calls the option “--absolute-paths” (plural paths) 
, while Gnu calls it 
“--absolute-names” 
. Both 
these options disable other checks, such as for parent directories (..) and 
external symbolic link targets, so I think the term “absolute” is too specific. 
But please use at least replace the underscore with a dash or hyphen: 
“--absolute-path”, not “--absolute_path”.

--
nosy: +martin.panter

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

2017-03-10 Thread Ned Deily


Changes by Ned Deily :


--
nosy: +lars.gustaebel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

2017-03-10 Thread STINNER Victor


Changes by STINNER Victor :


--
components: +Library (Lib)
title: Add absolute_path option to tarfile, disabled by default -> tarfile: Add 
absolute_path option to tarfile, disabled by default

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

[issue29788] tarfile: Add absolute_path option to tarfile, disabled by default

4 matches

Site Navigation

Mail list logo

Footer information