freebsd / iocage / 12230153067

8%

push

github

Fix hardening measure in release extraction (#55)

In freebsd/iocage#49 a hardening measure was imported from
truenas/iocage#358. This hardening measure limits what
can be extracted (location and attributes). It is implemented by
applying the 'tar' filter from tarfile. That filter does this[0]:

- Strip leading slashes (/ and os.sep) from filenames.
- Refuse to extract files with absolute paths (in case the name is
  absolute even after stripping slashes, e.g. C:/foo on Windows). This
  raises AbsolutePathError.
- Refuse to extract files whose absolute path (after following symlinks)
  would end up outside the destination. This raises
  OutsideDestinationError.
- Clear high mode bits (setuid, setgid, sticky) and group/other write
  bits (S_IWGRP | S_IWOTH).

While the first three modifications are desirable, the last one
damages the extracted release image, as things like sticky bits and
world writable files are required by a proper FreeBSD (jail)
installation.

Fixes freebsd/iocage#54

[0]https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter

58 of 3267 branches covered (1.78%)

Branch coverage included in aggregate %.

0 of 15 new or added lines in 1 file covered. (0.0%)

799 of 7815 relevant lines covered (10.22%)

0.2 hits per line