Patch proposal to do not apply symbolic links included in zip files.
Bug #1636207 reported by
Gerard Wagener
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unzip (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Zip files might include symbolic links which could be abused by an attacker to escape from restricted directories and/or from restricted environments. The attached patch includes a command line option -g which does not apply the symbolic links when zip file is extracted. In case a zip file includes a symbolic link a file is created instead containing the target of the symbolic link.
To post a comment you must log in.
The attachment "do_not_ apply_symlinks. patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]