Ubuntu
unzip package

Patch proposal to do not apply symbolic links included in zip files.

Bug #1636207 reported by Gerard Wagener on 2016-10-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	unzip (Ubuntu)	New	Undecided	Unassigned

Bug Description

Zip files might include symbolic links which could be abused by an attacker to escape from restricted directories and/or from restricted environments. The attached patch includes a command line option -g which does not apply the symbolic links when zip file is extracted. In case a zip file includes a symbolic link a file is created instead containing the target of the symbolic link.

Tags:

Revision history for this message

Gerard Wagener (haegardev) wrote on 2016-10-24:

do_not_apply_symlinks.patch Edit (1.8 KiB, text/plain)

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2016-10-25:

The attachment "do_not_apply_symlinks.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags:

added: patch

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

do_not_apply_symlinks.patch Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuunzip package