[issue21109] tarfile: Traversal attack vulnerability
Philippe Godbout
report at bugs.python.org
Mon Aug 27 17:08:07 EDT 2018
Philippe Godbout <psyker156 at gmail.com> added the comment:
Lars, I think the suggested approach is great. Documentation for the tarfile class should be changed in order to direct users to the "safe" version with a relevant warning. A bit like what is done for PRNG safety.
As stated by Eduardo, an optional "safe" parameter to opt into safe mode could also be an interesting approach.
----------
nosy: +Philippe Godbout
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue21109>
_______________________________________