- An attacker can use a malformed 7z file with a loop of symlinks. The extractor may enter an infinite loop and consume file system resources, which helps a DoS attack. py7zr doesn't have good protection against it.
- Security professionals who reported issues in past development suggest py7zr should make the feature of expanding symbolic links OPTIONAL. The feature easily becomes a security concern. For example, allowing a symbolic link to the system password database exposes secrets, or sending an infinite loop of links attacks the system. In spite of the security concern, a user requests an option to skip the sanity check (#636).
  These two opinions go in opposite directions.
  The project has experienced security fixes several times, and I want to make security the higher priority.
  Now I am working on making the symlink feature optional and forcing the user to pass an EXPLICIT option to the `extract` method (#482).
  The change will surprise users because it changes the behavior.
  I think the sanity check logic of the library is not perfect, so there is always a risk of attacks.
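One way to express the sanity check the two comments argue about, as an added Python example that is not py7zr's own code. Archive members are modelled as (member path, symlink target) pairs, a constructed stand-in for an archive listing since the page shows no py7zr API; the `materialize`, `classify_entries` and helper names are this example's own. Link targets are resolved logically inside the archive namespace, without touching the filesystem, so a symlink cycle is detected in bounded steps and cannot spin the extractor; absolute and parent-escaping targets (the "link to the system password database" case) are rejected; and symlink creation is off unless the caller opts in, mirroring the explicit-option proposal for the extract method.

```python
"""Symlink sanity check for archive extraction (added example, not py7zr code)."""
import os
import posixpath
import tempfile

# Constructed sample of archive entries: (member path, symlink target or None).
# Hypothetical stand-in for what a real archive listing would provide.
SAMPLE_ENTRIES = [
    ("docs/readme.txt", None),
    ("docs/current", "readme.txt"),   # stays inside docs/: acceptable
    ("etc_link", "/etc/passwd"),      # absolute target escapes the tree
    ("up", "../../outside.txt"),      # parent traversal escapes the tree
    ("loop_a", "loop_b"),             # symlink cycle
    ("loop_b", "loop_a"),
    ("chain", "docs/current"),        # link to a link, resolves inside the tree
]


def _check_link(name, links):
    """Resolve a link purely on paths. Verdict: 'ok', 'escape' or 'loop'."""
    seen = set()
    current = name
    while current in links:
        if current in seen:            # revisiting a member means a cycle
            return "loop"
        seen.add(current)
        target = links[current]
        if posixpath.isabs(target):
            return "escape"
        # Relative targets are interpreted from the link's own directory.
        resolved = posixpath.normpath(posixpath.join(posixpath.dirname(current), target))
        if resolved == ".." or resolved.startswith("../"):
            return "escape"
        current = resolved
    return "ok"


def classify_entries(entries):
    """Return {member: verdict}; files get 'file', links get the _check_link verdict."""
    links = {name: target for name, target in entries if target is not None}
    return {name: ("file" if target is None else _check_link(name, links))
            for name, target in entries}


def _under_link(name, links):
    """True if any ancestor directory of `name` is itself an archive symlink."""
    parts = name.split("/")
    return any("/".join(parts[:i]) in links for i in range(1, len(parts)))


def materialize(entries, dest, allow_symlinks=False):
    """Write entries below dest. Symlinks are skipped unless allow_symlinks is set,
    and even then only links that stay inside dest are created. Returns
    (created member names, [(rejected member, reason)])."""
    links = {name: target for name, target in entries if target is not None}
    verdicts = classify_entries(entries)
    created, rejected = [], []
    for name, target in entries:
        if _under_link(name, links):          # never write through a link
            rejected.append((name, "through-link"))
            continue
        path = os.path.join(dest, *name.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        if target is None:
            with open(path, "w") as fh:
                fh.write("sample content\n")   # constructed file body
            created.append(name)
        elif allow_symlinks and verdicts[name] == "ok":
            os.symlink(target, path)
            created.append(name)
        else:
            rejected.append((name, verdicts[name]))
    return created, rejected


def demo():
    """Run both modes in a throwaway directory and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        strict_created, strict_rejected = materialize(SAMPLE_ENTRIES, os.path.join(d, "strict"))
        opt_dir = os.path.join(d, "optin")
        opt_created, opt_rejected = materialize(SAMPLE_ENTRIES, opt_dir, allow_symlinks=True)
        return {
            "strict_created": strict_created,
            "strict_rejected": strict_rejected,
            "optin_created": opt_created,
            "optin_rejected": opt_rejected,
            "etc_link_exists": os.path.lexists(os.path.join(opt_dir, "etc_link")),
            "current_is_link": os.path.islink(os.path.join(opt_dir, "docs", "current")),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The loop detection works because resolution is bounded by the number of archive members: each hop either leaves the set of links (verdict ok) or revisits one (verdict loop). The `_under_link` guard covers the other half of the problem, a file entry whose parent directory was declared as a symlink earlier in the archive, which the target check alone would not catch.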