The Samba-Bugzilla – Attachment 17992 Details for
Bug 15390
Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation)
[patch] backport for 4.18
bug15390-part2v-4.18.patch (text/plain), 1.68 KB, created by Noel Power on 2023-07-21 14:49:21 UTC
>From a75084ffa7db8219e7c929d1b3f2b6a80fa96b59 Mon Sep 17 00:00:00 2001 >From: Noel Power <noel.power@suse.com> >Date: Fri, 14 Jul 2023 14:53:29 +0100 >Subject: [PATCH] python/samba: Adjust tarfile extraction filter > >The 'data_filter' is far too restrictive, this filter doesn't apply any >mode bits to directories which in turn will result in unexpected >directory permissions of the amongst others msg.[ls]ock directories. > >With 'data_filter' and a 'patched' python at best we experience >CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server >startup failures, at worst user/admins will need to adjust directory >permissions post backup. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 > >Signed-off-by: Noel Power <noel.power@suse.com> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit e401ae44b2f952fc2686065fbfb3a563e3d4066a) >--- > python/samba/safe_tarfile.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/safe_tarfile.py b/python/samba/safe_tarfile.py >index 7a2b0382a79..21366178475 100644 >--- a/python/samba/safe_tarfile.py >+++ b/python/samba/safe_tarfile.py >@@ -31,7 +31,7 @@ class TarFile(UnsafeTarFile): > # New in version 3.11.4 (also has been backported) > # https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extraction_filter > # https://peps.python.org/pep-0706/ >- extraction_filter = staticmethod(tarfile.data_filter) >+ extraction_filter = staticmethod(tarfile.tar_filter) > except AttributeError: > def extract(self, member, path="", set_attrs=True, *, > numeric_owner=False): >-- >2.35.3 >
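Review bot: The comment block above the changed `extraction_filter` assignment still only points at the tarfile documentation and PEP 706, so the reason for choosing `tarfile.tar_filter` over `tarfile.data_filter` is recorded only in the commit message. Suggest adding a comment line there stating that `data_filter` does not apply mode bits to directories and leaves the msg.[ls]ock directories with unexpected permissions, so that a later cleanup does not switch the filter back. Because `tar_filter` is the less restrictive of the two, a test that extracts a backup and asserts on the resulting directory modes would also pin the intended behaviour down; the message refers only to the samba-ad-back1 and samba-ad-back2 CI job failures.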
Flags: abartlet: review+