Skip to content

Fix GH-12730 - extract lost permission on linux #12739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Fix GH-12730 - extract lost permission on linux #12739

wants to merge 3 commits into from

Conversation

@remicollet
Copy link
Member

@remicollet remicollet commented Nov 21, 2023
edited
Loading

compute file index once to avoid multiple searches
constify file name

@remicollet
Fix phpGH-12730 - extract lost permission on linux
c9d6471 
compute file index once to avoid multiple searches
constify file name
@remicollet
Copy link
Member Author

remicollet commented Nov 21, 2023
edited
Loading

Notice: I consider this as a behavior change so only to apply in 8.4+ (and zip extension 1.23.0)
rather than a bugfix (8.3+ and 1.22.4)

Need to check if restoring perm may raise security issues

  • creating an executable from an untrusted archive
  • extracting directory with 000 permissons (so its removal will fail)

@remicollet remicollet mentioned this pull request Nov 21, 2023
Closed
@remicollet
Copy link
Member Author

Too problematic
Also easy to do in user space using example in
https://www.php.net/manual/en/ziparchive.getexternalattributesindex.php

@remicollet remicollet closed this Nov 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Extension: zip

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@remicollet