Patch proposal to do not apply symbolic links included in zip files.

Bug #1636207 reported by Gerard Wagener
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unzip (Ubuntu)
New
Undecided
Unassigned

Bug Description

Zip files might include symbolic links which could be abused by an attacker to escape from restricted directories and/or from restricted environments. The attached patch includes a command line option -g which does not apply the symbolic links when zip file is extracted. In case a zip file includes a symbolic link a file is created instead containing the target of the symbolic link.

Tags: patch
Revision history for this message
Gerard Wagener (haegardev) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "do_not_apply_symlinks.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.