Skip to content
This repository has been archived by the owner on Sep 18, 2024. It is now read-only.

Harden CPIO extractor #59

Open
fhunleth opened this issue Oct 27, 2020 · 0 comments
Open

Harden CPIO extractor #59

fhunleth opened this issue Oct 27, 2020 · 0 comments

Comments

@fhunleth
Copy link
Contributor

Put some seatbelts on the CPIO extractor to prevent mischief and accidents:

  1. No use of .. in paths
  2. No symlinks (verify that this isn't too harsh of a constraint)
  3. Verify permissions

Research whether there are other best practices.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fhunleth