[Security-sig] Archives (.tar or .zip) with absolute paths

Victor Stinner victor.stinner at gmail.com
Thu Mar 9 16:44:35 EST 2017


Hi,

I'm sorry Wes, but I don't understand your long list of URLs :-( Can
you elaborate?

I'm asking if there is a reason for allowing absolute paths by
default. Maybe backward compatibility?


2017-03-09 20:33 GMT+01:00 Wes Turner <wes.turner at gmail.com>:
> Docs: https://docs.python.org/3/library/tarfile.html

I didn't write a private email to security@ because, as you pointed out,
the issue has been known and *documented* in Python for 10 years.


> https://python-security.readthedocs.io/

I wrote this doc :-) I just added notes about tarfile and zipfile.

Victor
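
An added example, not code from this thread or from CPython: a pre-extraction audit that lists tar or zip member names carrying an absolute path, the case the message asks about, and goes one step further to also flag `..` components. The function names and the sample member names are assumptions, and the sample archives are constructed in memory.

```python
import io
import ntpath
import posixpath
import tarfile
import zipfile


def path_problem(name):
    """Return why `name` is unsafe to extract under a destination, or None."""
    # Conservative: POSIX-absolute, leading backslash, or a Windows drive/UNC prefix.
    if (name.startswith(("/", "\\")) or posixpath.isabs(name)
            or ntpath.splitdrive(name)[0]):
        return "absolute path"
    # Treat both separators as separators, whatever the host OS is.
    if ".." in name.replace("\\", "/").split("/"):
        return "parent-directory component"
    return None


def audit_archive(data):
    """List (member name, problem) pairs for a tar or zip held in bytes."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            names = tf.getnames()
    # Nothing is extracted; only the stored names are inspected.
    return [(n, p) for n in names if (p := path_problem(n))]


def build_sample(kind):
    """Constructed sample archive: one ordinary member, two to be flagged."""
    names = ("docs/readme.txt", "/tmp/constructed-abs.txt",
             "docs/../../constructed-up.txt")
    buf = io.BytesIO()
    if kind == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, b"sample\n")
    else:
        with tarfile.open(fileobj=buf, mode="w") as tf:
            for n in names:
                info = tarfile.TarInfo(name=n)
                info.size = len(b"sample\n")
                tf.addfile(info, io.BytesIO(b"sample\n"))
    return buf.getvalue()
```

An archive for which `audit_archive` returns a non-empty list can be rejected before any member is written to disk.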

