Subject: Non-root can't do extractTree for archs containing dirs w/o own-writable perm.
Hello,
The problem is that if an arch contains dirs with permissions not allowing
an owner to write, then this arch tree can't be extracted by non-root.
As an example of such an arch the attached test.zip can be used.
It contains dir test_dir and file test_dir/test_file:
#ls -lR .
.:
total 4
dr-xr-xr-x 2 nobody nobody 4096 Aug 11 13:19 test_dir
./test_dir:
total 4
-r--r--r-- 1 nobody nobody 9 Aug 11 13:30 test_file
Try to extractTree the arch into /tmp/ as nobody (assuming you're root):
su nobody -c 'perl -MArchive::Zip -e'\'' $z=Archive::Zip->new(); $z->read($ARGV[0]); $z->extractTree("", "/tmp/")'\'' test.zip' -s /bin/sh
It fails:
IO error: Can't open file /tmp/test_dir/test_file for write : Permission denied
at /usr/lib/perl5/site_perl/5.8.6/Archive/Zip.pm line 1791
Archive::Zip::Member::extractToFileNamed('Archive::Zip::ZipFileMember=HASH(0x8c14e0c)', '/tmp/test_dir/test_file') called at /usr/lib/perl5/site_perl/5.8.6/Archive/Zip.pm line 1179
Archive::Zip::Archive::extractTree('Archive::Zip::Archive=HASH(0x8bf9d4c)', '', '/tmp/') called at -e line 1
Yet it could be done with unzip:
su nobody -c 'unzip -d /tmp test.zip' -s /bin/sh
Archive: test.zip
creating: /tmp/test_dir/
extracting: /tmp/test_dir/test_file
I suggest making all arch items own-writable while extracting an arch tree
(in extractToFileNamed called from extractTree) and then setting all permissions properly after extraction (in extractTree).
The suggested patch will be attached to the next post.
After this patch has been applied, the test.zip attached is extracted perfectly.
Best regards
Alexey Kravchuk
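
The two-pass approach suggested in this report, as an added example (it is not the patch attached to the ticket and not Archive::Zip's own code): directories are created owner-writable, and the archived modes are applied afterwards, deepest paths first. The helper name extract_tree_two_pass, the member-name check and the 0777 mask are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: two-pass tree extraction for a non-root user.
use strict;
use warnings;
use Archive::Zip qw(:ERROR_CODES);
use File::Path qw(make_path);
use File::Spec;

# extract_tree_two_pass() is a hypothetical helper, not an Archive::Zip method.
sub extract_tree_two_pass {
    my ($zip_path, $dest) = @_;
    my $zip = Archive::Zip->new();
    $zip->read($zip_path) == AZ_OK or die "cannot read $zip_path\n";

    my %dir_mode;    # directory path => mode recorded in the archive
    for my $m ($zip->members) {
        my $name = $m->fileName;
        # Refuse absolute names and ".." components so members stay under $dest.
        die "unsafe member name: $name\n"
            if $name =~ m{^/} or grep { $_ eq '..' } split m{/}, $name;
        my $target = File::Spec->catfile($dest, split m{/}, $name);
        # Assumption: keep only rwx bits, dropping setuid/setgid/sticky.
        my $mode = $m->unixFileAttributes & 0777;

        if ($m->isDirectory) {
            # Pass 1: create the directory owner-writable, remember its real mode.
            make_path($target, { mode => 0700 });
            chmod(($mode | 0700), $target) or die "chmod $target: $!\n";
            $dir_mode{$target} = $mode;
        }
        else {
            $m->extractToFileNamed($target) == AZ_OK
                or die "cannot extract $name\n";
        }
    }

    # Pass 2: apply the archived directory modes, deepest paths first, so a
    # restrictive parent never blocks access to its children.
    for my $dir (sort { length($b) <=> length($a) } keys %dir_mode) {
        chmod($dir_mode{$dir}, $dir) or die "chmod $dir: $!\n";
    }
    return scalar keys %dir_mode;    # number of directories restored
}

# Usage: perl two_pass.pl test.zip /tmp/out
extract_tree_two_pass(@ARGV) if @ARGV == 2;
```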